diff options
| author | Damien Miller <djm@mindrot.org> | 2014-02-04 11:25:45 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-02-04 11:25:45 +1100 |
| commit | db3c595ea74ea9ccd5aa644d7e1f8dc675710731 (patch) | |
| tree | dd9d8db7429fc311131c4dd965296dc672bef269 | |
| parent | aae07e2e2000dd318418fd7fd4597760904cae32 (diff) | |
- djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | digest-libc.c | 6 | ||||
| -rw-r--r-- | digest-openssl.c | 4 |
3 files changed, 8 insertions, 5 deletions
| @@ -57,6 +57,9 @@ | |||
| 57 | [ssh-ecdsa.c] | 57 | [ssh-ecdsa.c] |
| 58 | fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike | 58 | fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike |
| 59 | DSA_SIG_new. Reported by Batz Spear; ok markus@ | 59 | DSA_SIG_new. Reported by Batz Spear; ok markus@ |
| 60 | - djm@cvs.openbsd.org 2014/02/02 03:44:31 | ||
| 61 | [digest-libc.c digest-openssl.c] | ||
| 62 | convert memset of potentially-private data to explicit_bzero() | ||
| 60 | 63 | ||
| 61 | 20140131 | 64 | 20140131 |
| 62 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) | 65 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) |
diff --git a/digest-libc.c b/digest-libc.c index e1fcda71a..1804b0698 100644 --- a/digest-libc.c +++ b/digest-libc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: digest-libc.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */ | 1 | /* $OpenBSD: digest-libc.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2013 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2013 Damien Miller <djm@mindrot.org> |
| 4 | * Copyright (c) 2014 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2014 Markus Friedl. All rights reserved. |
| @@ -209,9 +209,9 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) | |||
| 209 | if (ctx != NULL) { | 209 | if (ctx != NULL) { |
| 210 | digest = ssh_digest_by_alg(ctx->alg); | 210 | digest = ssh_digest_by_alg(ctx->alg); |
| 211 | if (digest) { | 211 | if (digest) { |
| 212 | memset(ctx->mdctx, 0, digest->ctx_len); | 212 | explicit_bzero(ctx->mdctx, digest->ctx_len); |
| 213 | free(ctx->mdctx); | 213 | free(ctx->mdctx); |
| 214 | memset(ctx, 0, sizeof(*ctx)); | 214 | explicit_bzero(ctx, sizeof(*ctx)); |
| 215 | free(ctx); | 215 | free(ctx); |
| 216 | } | 216 | } |
| 217 | } | 217 | } |
diff --git a/digest-openssl.c b/digest-openssl.c index 8d7a58f34..863d37d03 100644 --- a/digest-openssl.c +++ b/digest-openssl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: digest-openssl.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */ | 1 | /* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2013 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2013 Damien Miller <djm@mindrot.org> |
| 4 | * | 4 | * |
| @@ -140,7 +140,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) | |||
| 140 | { | 140 | { |
| 141 | if (ctx != NULL) { | 141 | if (ctx != NULL) { |
| 142 | EVP_MD_CTX_cleanup(&ctx->mdctx); | 142 | EVP_MD_CTX_cleanup(&ctx->mdctx); |
| 143 | memset(ctx, 0, sizeof(*ctx)); | 143 | explicit_bzero(ctx, sizeof(*ctx)); |
| 144 | free(ctx); | 144 | free(ctx); |
| 145 | } | 145 | } |
| 146 | } | 146 | } |