diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-09-11 16:20:53 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-18 09:53:49 +0200 |
commit | 86d521cbe7e48e83e8d765182b71c843ef59dd00 (patch) | |
tree | 18cd23c23314d86fecd5173b22565f148a6861d9 /src/buffer.c | |
parent | 856dc698a9b8fae4eddea08372c91157c11e53e0 (diff) | |
download | libssh-86d521cbe7e48e83e8d765182b71c843ef59dd00.tar.gz libssh-86d521cbe7e48e83e8d765182b71c843ef59dd00.tar.xz libssh-86d521cbe7e48e83e8d765182b71c843ef59dd00.zip |
buffer: Make sure unpack of secure buffers securely cleans up
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/buffer.c')
-rw-r--r-- | src/buffer.c | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/src/buffer.c b/src/buffer.c index f6f397b6..10f00841 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -1239,22 +1239,53 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer, for(p=format;p<last;++p){ switch(*p){ case 'b': + if (buffer->secure) { + o.byte = va_arg(ap_copy, uint8_t *); + explicit_bzero(o.byte, sizeof(uint8_t)); + break; + } + break; case 'w': + if (buffer->secure) { + o.word = va_arg(ap_copy, uint16_t *); + explicit_bzero(o.word, sizeof(uint16_t)); + break; + } + break; case 'd': + if (buffer->secure) { + o.dword = va_arg(ap_copy, uint32_t *); + explicit_bzero(o.dword, sizeof(uint32_t)); + break; + } + break; case 'q': - (void)va_arg(ap_copy, void *); + if (buffer->secure) { + o.qword = va_arg(ap_copy, uint64_t *); + explicit_bzero(o.qword, sizeof(uint64_t)); + break; + } break; case 'S': - o.string=va_arg(ap_copy, ssh_string *); + o.string = va_arg(ap_copy, ssh_string *); + if (buffer->secure) { + ssh_string_burn(*o.string); + } SAFE_FREE(*o.string); break; case 's': - o.cstring=va_arg(ap_copy, char **); + o.cstring = va_arg(ap_copy, char **); + if (buffer->secure) { + explicit_bzero(*o.cstring, strlen(*o.cstring)); + } SAFE_FREE(*o.cstring); break; case 'P': - (void)va_arg(ap_copy, size_t); + len = va_arg(ap_copy, size_t); o.data = va_arg(ap_copy, void **); + if (buffer->secure) { + explicit_bzero(*o.data, len); + } SAFE_FREE(*o.data); break; default: |