isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement memset_s() and use it instead of zero_bytes().

Browse Source 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
This commit is contained in:
Todd C. Miller
2013-08-03 08:30:06 -06:00
parent 8c867be419
commit 1f3ea50afd
34 changed files with 371 additions and 233 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Makefile.in
View File

@@ -311,7 +311,8 @@ tgetpass.o: $(srcdir)/tgetpass.c $(top_builddir)/config.h $(srcdir)/sudo.h \
$(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \
$(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
$(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \
$(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
$(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
$(incdir)/sudo_plugin.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/tgetpass.c
ttyname.o: $(srcdir)/ttyname.c $(top_builddir)/config.h $(srcdir)/sudo.h \
$(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \

4
src/conversation.c
View File

@@ -81,7 +81,7 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
if (pass == NULL)
goto err;
repl->reply = estrdup(pass);
zero_bytes(pass, strlen(pass));
memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass));
break;
case SUDO_CONV_INFO_MSG:
if (msg->msg)
@@ -107,7 +107,7 @@ err:
do {
repl = &replies[n];
if (repl->reply != NULL) {
zero_bytes(repl->reply, strlen(repl->reply));
memset_s(repl->reply, SUDO_CONV_REPL_MAX, 0, strlen(repl->reply));
free(repl->reply);
repl->reply = NULL;
}

11
src/sudo.h
View File

@@ -75,14 +75,6 @@
#define MODE_NONINTERACTIVE 0x00800000
#define MODE_LONG_LIST 0x01000000
/*
* We used to use the system definition of PASS_MAX or _PASSWD_LEN,
* but that caused problems with various alternate authentication
* methods. So, we just define our own and assume that it is >= the
* system max.
*/
#define SUDO_PASS_MAX 256
/*
* Flags for tgetpass()
*/
@@ -178,9 +170,6 @@ void cleanup(int);
char *tgetpass(const char *, int, int);
int tty_present(void);
/* zero_bytes.c */
void zero_bytes(volatile void *, size_t);
/* exec.c */
int pipe_nonblock(int fds[2]);
int sudo_execute(struct command_details *details, struct command_status *cstat);

4
src/sudo_edit.c
View File

@@ -148,14 +148,14 @@ sudo_edit(struct command_details *command_details)
* and copy the contents of the original to it.
*/
tf = emalloc2(nfiles, sizeof(*tf));
zero_bytes(tf, nfiles * sizeof(*tf));
memset(tf, 0, nfiles * sizeof(*tf));
for (i = 0, j = 0; i < nfiles; i++) {
rc = -1;
switch_user(command_details->euid, command_details->egid,
command_details->ngroups, command_details->groups);
if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) {
if (ofd == -1) {
zero_bytes(&sb, sizeof(sb)); /* new file */
memset(&sb, 0, sizeof(sb)); /* new file */
rc = 0;
} else {
rc = fstat(ofd, &sb);

9
src/tgetpass.c
View File

@@ -53,6 +53,7 @@
#include <fcntl.h>
#include "sudo.h"
#include "sudo_plugin.h"
static volatile sig_atomic_t signo[NSIG];
@@ -70,7 +71,7 @@ tgetpass(const char *prompt, int timeout, int flags)
sigaction_t savetstp, savettin, savettou, savepipe;
char *pass;
static const char *askpass;
static char buf[SUDO_PASS_MAX + 1];
static char buf[SUDO_CONV_REPL_MAX + 1];
int i, input, output, save_errno, neednl = 0, need_restart;
debug_decl(tgetpass, SUDO_DEBUG_CONV)
@@ -127,7 +128,7 @@ restart:
* Catch signals that would otherwise cause the user to end
* up with echo turned off in the shell.
*/
zero_bytes(&sa, sizeof(sa));
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_INTERRUPT; /* don't restart system calls */
sa.sa_handler = tgetpass_handler;
@@ -207,7 +208,7 @@ restore:
static char *
sudo_askpass(const char *askpass, const char *prompt)
{
static char buf[SUDO_PASS_MAX + 1], *pass;
static char buf[SUDO_CONV_REPL_MAX + 1], *pass;
sigaction_t sa, saved_sa_pipe;
int pfd[2];
pid_t pid;
@@ -242,7 +243,7 @@ sudo_askpass(const char *askpass, const char *prompt)
}
/* Ignore SIGPIPE in case child exits prematurely */
zero_bytes(&sa, sizeof(sa));
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_INTERRUPT;
sa.sa_handler = SIG_IGN;