aboutsummaryrefslogtreecommitdiff
path: root/src/buffer.c
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-09-11 16:20:53 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-09-18 09:53:49 +0200
commit86d521cbe7e48e83e8d765182b71c843ef59dd00 (patch)
tree18cd23c23314d86fecd5173b22565f148a6861d9 /src/buffer.c
parent856dc698a9b8fae4eddea08372c91157c11e53e0 (diff)
downloadlibssh-86d521cbe7e48e83e8d765182b71c843ef59dd00.tar.gz
libssh-86d521cbe7e48e83e8d765182b71c843ef59dd00.tar.xz
libssh-86d521cbe7e48e83e8d765182b71c843ef59dd00.zip
buffer: Make sure unpack of secure buffers securely cleans up
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/buffer.c')
-rw-r--r--src/buffer.c39
1 files changed, 35 insertions, 4 deletions
diff --git a/src/buffer.c b/src/buffer.c
index f6f397b6..10f00841 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1239,22 +1239,53 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
for(p=format;p<last;++p){
switch(*p){
case 'b':
+ if (buffer->secure) {
+ o.byte = va_arg(ap_copy, uint8_t *);
+ explicit_bzero(o.byte, sizeof(uint8_t));
+ break;
+ }
+ break;
case 'w':
+ if (buffer->secure) {
+ o.word = va_arg(ap_copy, uint16_t *);
+ explicit_bzero(o.word, sizeof(uint16_t));
+ break;
+ }
+ break;
case 'd':
+ if (buffer->secure) {
+ o.dword = va_arg(ap_copy, uint32_t *);
+ explicit_bzero(o.dword, sizeof(uint32_t));
+ break;
+ }
+ break;
case 'q':
- (void)va_arg(ap_copy, void *);
+ if (buffer->secure) {
+ o.qword = va_arg(ap_copy, uint64_t *);
+ explicit_bzero(o.qword, sizeof(uint64_t));
+ break;
+ }
break;
case 'S':
- o.string=va_arg(ap_copy, ssh_string *);
+ o.string = va_arg(ap_copy, ssh_string *);
+ if (buffer->secure) {
+ ssh_string_burn(*o.string);
+ }
SAFE_FREE(*o.string);
break;
case 's':
- o.cstring=va_arg(ap_copy, char **);
+ o.cstring = va_arg(ap_copy, char **);
+ if (buffer->secure) {
+ explicit_bzero(*o.cstring, strlen(*o.cstring));
+ }
SAFE_FREE(*o.cstring);
break;
case 'P':
- (void)va_arg(ap_copy, size_t);
+ len = va_arg(ap_copy, size_t);
o.data = va_arg(ap_copy, void **);
+ if (buffer->secure) {
+ explicit_bzero(*o.data, len);
+ }
SAFE_FREE(*o.data);
break;
default: