authorjsg@openbsd.org <jsg@openbsd.org>2020-02-26 13:40:09 +0000
committerDamien Miller <djm@mindrot.org>2020-02-28 12:26:28 +1100
commitd5ba1c03278eb079438bb038266d80d7477d49cb (patch)
tree6d8dd2d802af796bcb7c9d6d018196a448bb9ff6
parent9e3220b585c5be19a7431ea4ff8884c137b3a81c (diff)
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL, the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
-rw-r--r--auth-options.c5
-rw-r--r--auth2-chall.c5
-rw-r--r--auth2-passwd.c5
-rw-r--r--authfd.c8
-rw-r--r--channels.c11
-rw-r--r--cipher.c8
-rw-r--r--clientloop.c5
-rw-r--r--digest-libc.c5
-rw-r--r--hmac.c5
-rw-r--r--hostfile.c5
-rw-r--r--kex.c5
-rw-r--r--monitor.c5
-rw-r--r--ssh-add.c11
-rw-r--r--ssh-agent.c5
-rw-r--r--ssh-dss.c8
-rw-r--r--ssh-ed25519-sk.c8
-rw-r--r--ssh-ed25519.c20
-rw-r--r--ssh-keygen.c26
-rw-r--r--ssh-xmss.c20
-rw-r--r--sshbuf-misc.c11
-rw-r--r--sshbuf.c5
-rw-r--r--sshkey.c44
-rw-r--r--umac.c5
23 files changed, 86 insertions, 149 deletions
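--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.90 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.91 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -222,8 +222,7 @@ sshauthopt_free(struct sshauthopt *opts)
  free(opts->permitlisten[i]);
  free(opts->permitlisten);
 
- explicit_bzero(opts, sizeof(*opts));
- free(opts);
+ freezero(opts, sizeof(*opts));
 }
 
 struct sshauthopt *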
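--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.52 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -147,8 +147,7 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
  if (kbdintctxt->device)
  kbdint_reset_device(kbdintctxt);
  free(kbdintctxt->devices);
- explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
- free(kbdintctxt);
+ freezero(kbdintctxt, sizeof(*kbdintctxt));
 }
 /* get next device */
 static int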
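--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -66,8 +66,7 @@ userauth_passwd(struct ssh *ssh)
  logit("password change not supported");
  else if (PRIVSEP(auth_password(ssh, password)) == 1)
  authenticated = 1;
- explicit_bzero(password, len);
- free(password);
+ freezero(password, len);
  return authenticated;
 }
 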
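--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.121 2019/12/21 02:19:13 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.122 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -561,10 +561,8 @@ ssh_remove_identity(int sock, struct sshkey *key)
  goto out;
  r = decode_reply(type);
  out:
- if (blob != NULL) {
- explicit_bzero(blob, blen);
- free(blob);
- }
+ if (blob != NULL)
+ freezero(blob, blen);
  sshbuf_free(msg);
  return r;
 }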
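--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.395 2020/01/25 06:40:20 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.396 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -625,14 +625,12 @@ channel_free(struct ssh *ssh, Channel *c)
  if (cc->abandon_cb != NULL)
  cc->abandon_cb(ssh, c, cc->ctx);
  TAILQ_REMOVE(&c->status_confirms, cc, entry);
- explicit_bzero(cc, sizeof(*cc));
- free(cc);
+ freezero(cc, sizeof(*cc));
  }
  if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
  c->filter_cleanup(ssh, c->self, c->filter_ctx);
  sc->channels[c->self] = NULL;
- explicit_bzero(c, sizeof(*c));
- free(c);
+ freezero(c, sizeof(*c));
 }
 
 void
@@ -3295,8 +3293,7 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh)
  return 0;
  cc->cb(ssh, type, c, cc->ctx);
  TAILQ_REMOVE(&c->status_confirms, cc, entry);
- explicit_bzero(cc, sizeof(*cc));
- free(cc);
+ freezero(cc, sizeof(*cc));
  return 0;
 }
 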
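--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.114 2020/01/23 10:24:29 dtucker Exp $ */
+/* $OpenBSD: cipher.c,v 1.115 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -328,8 +328,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 #ifdef WITH_OPENSSL
  EVP_CIPHER_CTX_free(cc->evp);
 #endif /* WITH_OPENSSL */
- explicit_bzero(cc, sizeof(*cc));
- free(cc);
+ freezero(cc, sizeof(*cc));
  }
  }
  return ret;
@@ -434,8 +433,7 @@ cipher_free(struct sshcipher_ctx *cc)
  EVP_CIPHER_CTX_free(cc->evp);
  cc->evp = NULL;
 #endif
- explicit_bzero(cc, sizeof(*cc));
- free(cc);
+ freezero(cc, sizeof(*cc));
 }
 
 /*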
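--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.341 2020/02/26 01:31:47 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.342 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -473,8 +473,7 @@ client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh)
  gc->cb(ssh, type, seq, gc->ctx);
  if (--gc->ref_count <= 0) {
  TAILQ_REMOVE(&global_confirms, gc, entry);
- explicit_bzero(gc, sizeof(*gc));
- free(gc);
+ freezero(gc, sizeof(*gc));
  }
 
  ssh_packet_set_alive_timeouts(ssh, 0);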
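--- a/digest-libc.c
+++ b/digest-libc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-libc.c,v 1.6 2017/05/08 22:57:38 djm Exp $ */
+/* $OpenBSD: digest-libc.c,v 1.7 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
  * Copyright (c) 2014 Markus Friedl. All rights reserved.
@@ -230,8 +230,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
  if (digest) {
  explicit_bzero(ctx->mdctx, digest->ctx_len);
  free(ctx->mdctx);
- explicit_bzero(ctx, sizeof(*ctx));
- free(ctx);
+ freezero(ctx, sizeof(*ctx));
  }
  }
 }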
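Review bot: In ssh_digest_free the wipe and release of `ctx` both sit inside `if (digest)`, so on the path where `digest` is false the context is neither cleared nor freed. Only the length used to wipe `ctx->mdctx` depends on `digest`, so `free(ctx->mdctx);` and `freezero(ctx, sizeof(*ctx));` could run after that inner block instead of inside it. For consistency the remaining pair `explicit_bzero(ctx->mdctx, digest->ctx_len); free(ctx->mdctx);` could become `freezero(ctx->mdctx, digest->ctx_len);`; the same unconverted pattern is left for `ctx->buf` in hmac.c and `buf->d` in sshbuf.c. The start of the function is outside the hunk, so how `digest` is obtained is not visible here.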
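--- a/hmac.c
+++ b/hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.13 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: hmac.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2014 Markus Friedl. All rights reserved.
  *
@@ -131,8 +131,7 @@ ssh_hmac_free(struct ssh_hmac_ctx *ctx)
  explicit_bzero(ctx->buf, ctx->buf_len);
  free(ctx->buf);
  }
- explicit_bzero(ctx, sizeof(*ctx));
- free(ctx);
+ freezero(ctx, sizeof(*ctx));
  }
 }
 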
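--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.77 2020/01/25 00:21:08 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.78 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -298,8 +298,7 @@ free_hostkeys(struct hostkeys *hostkeys)
  explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
  }
  free(hostkeys->entries);
- explicit_bzero(hostkeys, sizeof(*hostkeys));
- free(hostkeys);
+ freezero(hostkeys, sizeof(*hostkeys));
 }
 
 static int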
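--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.156 2020/01/23 10:24:29 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.157 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  *
@@ -670,8 +670,7 @@ kex_free_newkeys(struct newkeys *newkeys)
  }
  free(newkeys->mac.name);
  explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));
- explicit_bzero(newkeys, sizeof(*newkeys));
- free(newkeys);
+ freezero(newkeys, sizeof(*newkeys));
 }
 
 void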
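Review bot: The context line `explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));` is redundant next to the new call, because `newkeys->mac` is a member inside `*newkeys` and `freezero(newkeys, sizeof(*newkeys));` clears the whole structure before releasing it. Dropping that line would leave a single wipe of the key material; if it is kept deliberately, a short comment such as `/* wiped again below; kept for clarity */` would say so. The body of kex_free_newkeys starts outside the hunk.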
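--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: monitor.c,v 1.209 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -893,8 +893,7 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
  /* Only authenticate if the context is valid */
  authenticated = options.password_authentication &&
  auth_password(ssh, passwd);
- explicit_bzero(passwd, plen);
- free(passwd);
+ freezero(passwd, plen);
 
  sshbuf_reset(m);
  if ((r = sshbuf_put_u32(m, authenticated)) != 0)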
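--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.153 2020/02/18 08:58:33 dtucker Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.154 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -105,8 +105,7 @@ static void
 clear_pass(void)
 {
  if (pass) {
- explicit_bzero(pass, strlen(pass));
- free(pass);
+ freezero(pass, strlen(pass));
  pass = NULL;
  }
 }
@@ -521,8 +520,7 @@ lock_agent(int agent_fd, int lock)
  fprintf(stderr, "Passwords do not match.\n");
  passok = 0;
  }
- explicit_bzero(p2, strlen(p2));
- free(p2);
+ freezero(p2, strlen(p2));
  }
  if (passok) {
  if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
@@ -533,8 +531,7 @@ lock_agent(int agent_fd, int lock)
  lock ? "" : "un", ssh_err(r));
  }
  }
- explicit_bzero(p1, strlen(p1));
- free(p1);
+ freezero(p1, strlen(p1));
  return (ret);
 }
 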
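Review bot: In lock_agent, `freezero(p2, strlen(p2));` and `freezero(p1, strlen(p1));` evaluate `strlen()` before freezero() can apply the NULL check the commit message mentions, so these call sites still require a non-NULL pointer. clear_pass keeps its `if (pass)` guard, while the unguarded calls presumably rely on the passphrase reader never returning NULL, which is not visible in these hunks. A one-line comment such as `/* p1 is never NULL here; strlen() runs before freezero()'s NULL check */` would record that assumption. The same `freezero(x, strlen(x))` form appears unguarded in the ssh-keygen.c hunks, and in sshkey.c the `if (b64 != NULL)` guard is needed for correctness rather than only to silence a warning.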
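--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.256 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -620,8 +620,7 @@ process_lock_agent(SocketEntry *e, int lock)
  fatal("bcrypt_pbkdf");
  success = 1;
  }
- explicit_bzero(passwd, pwlen);
- free(passwd);
+ freezero(passwd, pwlen);
  send_status(e, success);
 }
 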
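--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -200,10 +200,8 @@ ssh_dss_verify(const struct sshkey *key,
  BN_clear_free(sig_s);
  sshbuf_free(b);
  free(ktype);
- if (sigblob != NULL) {
- explicit_bzero(sigblob, len);
- free(sigblob);
- }
+ if (sigblob != NULL)
+ freezero(sigblob, len);
  return ret;
 }
 #endif /* WITH_OPENSSL */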
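--- a/ssh-ed25519-sk.c
+++ b/ssh-ed25519-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519-sk.c,v 1.4 2019/11/26 03:04:27 djm Exp $ */
+/* $OpenBSD: ssh-ed25519-sk.c,v 1.5 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl. All rights reserved.
  *
@@ -154,10 +154,8 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
  details = NULL;
  }
  out:
- if (m != NULL) {
- explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
- free(m);
- }
+ if (m != NULL)
+ freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
  sshkey_sig_details_free(details);
  sshbuf_free(b);
  sshbuf_free(encoded);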
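--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
  *
@@ -83,10 +83,8 @@ ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
  r = 0;
  out:
  sshbuf_free(b);
- if (sig != NULL) {
- explicit_bzero(sig, slen);
- free(sig);
- }
+ if (sig != NULL)
+ freezero(sig, slen);
 
  return r;
 }
@@ -153,14 +151,10 @@ ssh_ed25519_verify(const struct sshkey *key,
  /* success */
  r = 0;
  out:
- if (sm != NULL) {
- explicit_bzero(sm, smlen);
- free(sm);
- }
- if (m != NULL) {
- explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
- free(m);
- }
+ if (sm != NULL)
+ freezero(sm, smlen);
+ if (m != NULL)
+ freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
  sshbuf_free(b);
  free(ktype);
  return r;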
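--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.398 2020/02/07 03:27:54 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.399 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -327,8 +327,7 @@ load_identity(const char *filename, char **commentp)
  else
  pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
  r = sshkey_load_private(filename, pass, &prv, commentp);
- explicit_bzero(pass, strlen(pass));
- free(pass);
+ freezero(pass, strlen(pass));
  if (r != 0)
  fatal("Load key \"%s\": %s", filename, ssh_err(r));
  return prv;
@@ -1424,8 +1423,7 @@ do_change_passphrase(struct passwd *pw)
  RP_ALLOW_STDIN);
  r = sshkey_load_private(identity_file, old_passphrase,
  &private, &comment);
- explicit_bzero(old_passphrase, strlen(old_passphrase));
- free(old_passphrase);
+ freezero(old_passphrase, strlen(old_passphrase));
  if (r != 0)
  goto badkey;
  } else if (r != 0) {
@@ -1456,8 +1454,7 @@ do_change_passphrase(struct passwd *pw)
  exit(1);
  }
  /* Destroy the other copy. */
- explicit_bzero(passphrase2, strlen(passphrase2));
- free(passphrase2);
+ freezero(passphrase2, strlen(passphrase2));
  }
 
  /* Save the file using the new passphrase. */
@@ -1465,15 +1462,13 @@ do_change_passphrase(struct passwd *pw)
  comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
  error("Saving key \"%s\" failed: %s.",
  identity_file, ssh_err(r));
- explicit_bzero(passphrase1, strlen(passphrase1));
- free(passphrase1);
+ freezero(passphrase1, strlen(passphrase1));
  sshkey_free(private);
  free(comment);
  exit(1);
  }
  /* Destroy the passphrase and the copy of the key in memory. */
- explicit_bzero(passphrase1, strlen(passphrase1));
- free(passphrase1);
+ freezero(passphrase1, strlen(passphrase1));
  sshkey_free(private); /* Destroys contents */
  free(comment);
 
@@ -1543,8 +1538,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
  /* Try to load using the passphrase. */
  if ((r = sshkey_load_private(identity_file, passphrase,
  &private, &comment)) != 0) {
- explicit_bzero(passphrase, strlen(passphrase));
- free(passphrase);
+ freezero(passphrase, strlen(passphrase));
  fatal("Cannot load private key \"%s\": %s.",
  identity_file, ssh_err(r));
  }
@@ -1589,14 +1583,12 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
  rounds)) != 0) {
  error("Saving key \"%s\" failed: %s",
  identity_file, ssh_err(r));
- explicit_bzero(passphrase, strlen(passphrase));
- free(passphrase);
+ freezero(passphrase, strlen(passphrase));
  sshkey_free(private);
  free(comment);
  exit(1);
  }
- explicit_bzero(passphrase, strlen(passphrase));
- free(passphrase);
+ freezero(passphrase, strlen(passphrase));
  if ((r = sshkey_from_private(private, &public)) != 0)
  fatal("sshkey_from_private failed: %s", ssh_err(r));
  sshkey_free(private);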
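--- a/ssh-xmss.c
+++ b/ssh-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $*/
+/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/
 /*
  * Copyright (c) 2017 Stefan-Lukas Gazdag.
  * Copyright (c) 2017 Markus Friedl.
@@ -103,10 +103,8 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
  r = ret;
  }
  sshbuf_free(b);
- if (sig != NULL) {
- explicit_bzero(sig, slen);
- free(sig);
- }
+ if (sig != NULL)
+ freezero(sig, slen);
 
  return r;
 }
@@ -177,14 +175,10 @@ ssh_xmss_verify(const struct sshkey *key,
  /* success */
  r = 0;
  out:
- if (sm != NULL) {
- explicit_bzero(sm, smlen);
- free(sm);
- }
- if (m != NULL) {
- explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
- free(m);
- }
+ if (sm != NULL)
+ freezero(sm, smlen);
+ if (m != NULL)
+ freezero(m, smlen);
  sshbuf_free(b);
  free(ktype);
  return r;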
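Review bot: In ssh_xmss_verify the new `freezero(m, smlen);` line lost the comment that explained why `smlen` rather than `mlen` is the length used, while ssh-ed25519.c and ssh-ed25519-sk.c keep it on the equivalent line. I would restore it as `freezero(m, smlen); /* NB mlen may be invalid if r != 0 */`. Where freezero() checks the length against the allocation, a wrong length is no longer silent, so the reason for the choice is worth keeping next to the call.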
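--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-misc.c,v 1.13 2020/01/25 23:28:06 djm Exp $ */
+/* $OpenBSD: sshbuf-misc.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -156,17 +156,14 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
  if ((p = malloc(plen)) == NULL)
  return SSH_ERR_ALLOC_FAIL;
  if ((nlen = b64_pton(b64, p, plen)) < 0) {
- explicit_bzero(p, plen);
- free(p);
+ freezero(p, plen);
  return SSH_ERR_INVALID_FORMAT;
  }
  if ((r = sshbuf_put(buf, p, nlen)) < 0) {
- explicit_bzero(p, plen);
- free(p);
+ freezero(p, plen);
  return r;
  }
- explicit_bzero(p, plen);
- free(p);
+ freezero(p, plen);
  return 0;
 }
 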
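Review bot: The three exits of sshbuf_b64tod after the allocation each repeat `freezero(p, plen);`, so any exit path added later has to remember the wipe or the decoded bytes are released uncleared. Collapsing them into one cleanup point removes that risk. The sketch below keeps the same return values; the computation of `plen` and the start of the function are outside the hunk.

```c
	if ((p = malloc(plen)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((nlen = b64_pton(b64, p, plen)) < 0)
		r = SSH_ERR_INVALID_FORMAT;
	else if ((r = sshbuf_put(buf, p, nlen)) >= 0)
		r = 0;
	/* single exit: the buffer is always wiped before release */
	freezero(p, plen);
	return r;
```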
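--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf.c,v 1.14 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -164,8 +164,7 @@ sshbuf_free(struct sshbuf *buf)
  explicit_bzero(buf->d, buf->alloc);
  free(buf->d);
  }
- explicit_bzero(buf, sizeof(*buf));
- free(buf);
+ freezero(buf, sizeof(*buf));
 }
 
 void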
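--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1019,10 +1019,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
  r = 0;
  out:
  free(ret);
- if (blob != NULL) {
- explicit_bzero(blob, blob_len);
- free(blob);
- }
+ if (blob != NULL)
+ freezero(blob, blob_len);
  return r;
 }
 
@@ -1280,12 +1278,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
  dgst_raw, dgst_raw_len, k);
  break;
  default:
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
  return NULL;
  }
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
  return retval;
 }
 
@@ -4054,18 +4050,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
  sshbuf_free(encrypted);
  cipher_free(ciphercontext);
  explicit_bzero(salt, sizeof(salt));
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
- if (pubkeyblob != NULL) {
- explicit_bzero(pubkeyblob, pubkeylen);
- free(pubkeyblob);
- }
- if (b64 != NULL) {
- explicit_bzero(b64, strlen(b64));
- free(b64);
- }
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
+ if (pubkeyblob != NULL)
+ freezero(pubkeyblob, pubkeylen);
+ if (b64 != NULL)
+ freezero(b64, strlen(b64));
  return r;
 }
 
@@ -4273,14 +4263,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
  free(ciphername);
  free(kdfname);
  free(comment);
- if (salt != NULL) {
- explicit_bzero(salt, slen);
- free(salt);
- }
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
+ if (salt != NULL)
+ freezero(salt, slen);
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
  sshbuf_free(encoded);
  sshbuf_free(decoded);
  sshbuf_free(kdf);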
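--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.18 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: umac.c,v 1.19 2020/02/26 13:40:09 jsg Exp $ */
 /* -----------------------------------------------------------------------
  *
  * umac.c -- C Implementation UMAC Message Authentication
@@ -1205,8 +1205,7 @@ int umac_delete(struct umac_ctx *ctx)
  if (ctx) {
  if (ALLOC_BOUNDARY)
  ctx = (struct umac_ctx *)ctx->free_ptr;
- explicit_bzero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);
- free(ctx);
+ freezero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);
  }
  return (1);
 }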
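Review bot: `freezero(ctx, sizeof(*ctx) + ALLOC_BOUNDARY);` in umac_delete passes a length that has to agree with the size requested when the context was allocated, and that allocation is not in this hunk. explicit_bzero() had the same requirement, but a freezero() that validates the length against the allocation turns a mismatch into an abort instead of a silent over-write, so the coupling deserves a comment. Something like `/* length must equal the size this context was allocated with */` above the call would do.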