diff options
author | jsg@openbsd.org <jsg@openbsd.org> | 2020-02-26 13:40:09 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-02-28 12:26:28 +1100 |
commit | d5ba1c03278eb079438bb038266d80d7477d49cb (patch) | |
tree | 6d8dd2d802af796bcb7c9d6d018196a448bb9ff6 /sshkey.c | |
parent | 9e3220b585c5be19a7431ea4ff8884c137b3a81c (diff) |
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 44 |
1 files changed, 15 insertions, 29 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -1019,10 +1019,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, | |||
1019 | r = 0; | 1019 | r = 0; |
1020 | out: | 1020 | out: |
1021 | free(ret); | 1021 | free(ret); |
1022 | if (blob != NULL) { | 1022 | if (blob != NULL) |
1023 | explicit_bzero(blob, blob_len); | 1023 | freezero(blob, blob_len); |
1024 | free(blob); | ||
1025 | } | ||
1026 | return r; | 1024 | return r; |
1027 | } | 1025 | } |
1028 | 1026 | ||
@@ -1280,12 +1278,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg, | |||
1280 | dgst_raw, dgst_raw_len, k); | 1278 | dgst_raw, dgst_raw_len, k); |
1281 | break; | 1279 | break; |
1282 | default: | 1280 | default: |
1283 | explicit_bzero(dgst_raw, dgst_raw_len); | 1281 | freezero(dgst_raw, dgst_raw_len); |
1284 | free(dgst_raw); | ||
1285 | return NULL; | 1282 | return NULL; |
1286 | } | 1283 | } |
1287 | explicit_bzero(dgst_raw, dgst_raw_len); | 1284 | freezero(dgst_raw, dgst_raw_len); |
1288 | free(dgst_raw); | ||
1289 | return retval; | 1285 | return retval; |
1290 | } | 1286 | } |
1291 | 1287 | ||
@@ -4054,18 +4050,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob, | |||
4054 | sshbuf_free(encrypted); | 4050 | sshbuf_free(encrypted); |
4055 | cipher_free(ciphercontext); | 4051 | cipher_free(ciphercontext); |
4056 | explicit_bzero(salt, sizeof(salt)); | 4052 | explicit_bzero(salt, sizeof(salt)); |
4057 | if (key != NULL) { | 4053 | if (key != NULL) |
4058 | explicit_bzero(key, keylen + ivlen); | 4054 | freezero(key, keylen + ivlen); |
4059 | free(key); | 4055 | if (pubkeyblob != NULL) |
4060 | } | 4056 | freezero(pubkeyblob, pubkeylen); |
4061 | if (pubkeyblob != NULL) { | 4057 | if (b64 != NULL) |
4062 | explicit_bzero(pubkeyblob, pubkeylen); | 4058 | freezero(b64, strlen(b64)); |
4063 | free(pubkeyblob); | ||
4064 | } | ||
4065 | if (b64 != NULL) { | ||
4066 | explicit_bzero(b64, strlen(b64)); | ||
4067 | free(b64); | ||
4068 | } | ||
4069 | return r; | 4059 | return r; |
4070 | } | 4060 | } |
4071 | 4061 | ||
@@ -4273,14 +4263,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, | |||
4273 | free(ciphername); | 4263 | free(ciphername); |
4274 | free(kdfname); | 4264 | free(kdfname); |
4275 | free(comment); | 4265 | free(comment); |
4276 | if (salt != NULL) { | 4266 | if (salt != NULL) |
4277 | explicit_bzero(salt, slen); | 4267 | freezero(salt, slen); |
4278 | free(salt); | 4268 | if (key != NULL) |
4279 | } | 4269 | freezero(key, keylen + ivlen); |
4280 | if (key != NULL) { | ||
4281 | explicit_bzero(key, keylen + ivlen); | ||
4282 | free(key); | ||
4283 | } | ||
4284 | sshbuf_free(encoded); | 4270 | sshbuf_free(encoded); |
4285 | sshbuf_free(decoded); | 4271 | sshbuf_free(decoded); |
4286 | sshbuf_free(kdf); | 4272 | sshbuf_free(kdf); |