Use zap() more consistently
Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.
(cherry picked from commit d58cfa06bab766cf1354bc593deea300388072c0)
ticket: 8514
version_fixed: 1.15
Greg Hudson authored 7 years ago
Tom Yu committed 7 years ago
347 | 347 |
printf(_("Warning: couldn't stash master key.\n"));
|
348 | 348 |
}
|
349 | 349 |
/* clean up */
|
350 | |
if (pw_str) {
|
351 | |
memset(pw_str, 0, pw_size);
|
352 | |
free(pw_str);
|
353 | |
}
|
|
350 |
zapfree(pw_str, pw_size);
|
354 | 351 |
free(master_salt.data);
|
355 | 352 |
|
356 | 353 |
if (kadm5_create(&global_params)) {
|
169 | 169 |
krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
|
170 | 170 |
krb5_free_context(rdp->realm_context);
|
171 | 171 |
}
|
172 | |
memset(rdp, 0, sizeof(*rdp));
|
173 | |
free(rdp);
|
|
172 |
zapfree(rdp, sizeof(*rdp));
|
174 | 173 |
}
|
175 | 174 |
|
176 | 175 |
/* Set *val_out to an allocated string containing val1 and/or val2, separated
|
143 | 143 |
(const unsigned char *)iov->data.data, iov->data.length);
|
144 | 144 |
}
|
145 | 145 |
|
146 | |
if (state == NULL) {
|
147 | |
memset(arcfour_ctx, 0, sizeof(ArcfourContext));
|
148 | |
free(arcfour_ctx);
|
149 | |
}
|
|
146 |
if (state == NULL)
|
|
147 |
zapfree(arcfour_ctx, sizeof(ArcfourContext));
|
150 | 148 |
|
151 | 149 |
return 0;
|
152 | 150 |
}
|
86 | 86 |
krb5_free_context(ctx->k5_context);
|
87 | 87 |
|
88 | 88 |
/* Zero out context */
|
89 | |
memset(ctx, 0, sizeof(*ctx));
|
|
89 |
zap(ctx, sizeof(*ctx));
|
90 | 90 |
xfree(ctx);
|
91 | 91 |
|
92 | 92 |
/* zero the handle itself */
|
90 | 90 |
if (kret != 0 && context != 0)
|
91 | 91 |
save_error_info((OM_uint32)kret, context);
|
92 | 92 |
if (obuffer && bufsize) {
|
93 | |
memset(obuffer, 0, bufsize);
|
|
93 |
zap(obuffer, bufsize);
|
94 | 94 |
xfree(obuffer);
|
95 | 95 |
}
|
96 | 96 |
if (*minor_status == 0)
|
265 | 265 |
{
|
266 | 266 |
if (key) {
|
267 | 267 |
if (key->data && key->length) {
|
268 | |
memset(key->data, 0, key->length);
|
|
268 |
zap(key->data, key->length);
|
269 | 269 |
xfree(key->data);
|
270 | |
memset(key, 0, sizeof(gss_krb5_lucid_key_t));
|
|
270 |
zap(key, sizeof(gss_krb5_lucid_key_t));
|
271 | 271 |
}
|
272 | 272 |
}
|
273 | 273 |
}
|
559 | 559 |
if (cf->mech_type != GSS_C_NO_OID &&
|
560 | 560 |
cf->mech_type != &cf->mech->mech_type)
|
561 | 561 |
generic_gss_release_oid(&minor_status, &cf->mech_type);
|
562 | |
if (cf->mech != NULL && cf->freeMech) {
|
563 | |
memset(cf->mech, 0, sizeof(*cf->mech));
|
564 | |
free(cf->mech);
|
565 | |
}
|
|
562 |
if (cf->freeMech)
|
|
563 |
zapfree(cf->mech, sizeof(*cf->mech));
|
566 | 564 |
if (cf->dl_handle != NULL)
|
567 | 565 |
krb5int_close_plugin(cf->dl_handle);
|
568 | 566 |
if (cf->int_mech_type != GSS_C_NO_OID)
|
47 | 47 |
if ( from->key_data_length[i] ) {
|
48 | 48 |
to->key_data_contents[i] = malloc(from->key_data_length[i]);
|
49 | 49 |
if (to->key_data_contents[i] == NULL) {
|
50 | |
for (i = 0; i < idx; i++) {
|
51 | |
if (to->key_data_contents[i]) {
|
52 | |
memset(to->key_data_contents[i], 0,
|
53 | |
to->key_data_length[i]);
|
54 | |
free(to->key_data_contents[i]);
|
55 | |
}
|
56 | |
}
|
|
50 |
for (i = 0; i < idx; i++)
|
|
51 |
zapfree(to->key_data_contents[i], to->key_data_length[i]);
|
57 | 52 |
return ENOMEM;
|
58 | 53 |
}
|
59 | 54 |
memcpy(to->key_data_contents[i], from->key_data_contents[i],
|
479 | 479 |
context->modules = NULL;
|
480 | 480 |
}
|
481 | 481 |
krb5int_close_plugin_dirs(&context->plugins);
|
482 | |
memset(context, 0, sizeof(*context));
|
483 | |
free(context);
|
|
482 |
zapfree(context, sizeof(*context));
|
484 | 483 |
}
|
485 | 484 |
|
486 | 485 |
krb5_error_code KRB5_CALLCONV
|
124 | 124 |
krb5_pac pac)
|
125 | 125 |
{
|
126 | 126 |
if (pac != NULL) {
|
127 | |
if (pac->data.data != NULL) {
|
128 | |
memset(pac->data.data, 0, pac->data.length);
|
129 | |
free(pac->data.data);
|
130 | |
}
|
131 | |
if (pac->pac != NULL)
|
132 | |
free(pac->pac);
|
133 | |
memset(pac, 0, sizeof(*pac));
|
134 | |
free(pac);
|
|
127 |
zapfree(pac->data.data, pac->data.length);
|
|
128 |
free(pac->pac);
|
|
129 |
zapfree(pac, sizeof(*pac));
|
135 | 130 |
}
|
136 | 131 |
}
|
137 | 132 |
|