isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use OpenBSD-compatible freezero() in place of explicit_bzero() + free()

Browse Source
This commit is contained in:
Todd C. Miller
2020-08-10 19:24:33 -06:00
parent cef6e3687e
commit ce97ca28db
19 changed files with 105 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
MANIFEST
View File

@@ -142,6 +142,7 @@ lib/util/explicit_bzero.c
lib/util/fatal.c
lib/util/fchmodat.c
lib/util/fnmatch.c
lib/util/freezero.c
lib/util/fstatat.c
lib/util/getaddrinfo.c
lib/util/getcwd.c

3
config.h.in
View File

@@ -285,6 +285,9 @@
/* Define to 1 if you have the `freeifaddrs' function. */
#undef HAVE_FREEIFADDRS
/* Define to 1 if you have the `freezero' function. */
#undef HAVE_FREEZERO
/* Define to 1 if you have the `fseeko' function. */
#undef HAVE_FSEEKO

26
configure vendored
View File

@@ -20673,6 +20673,32 @@ esac
done
fi
done
for ac_func in freezero
do :
ac_fn_c_check_func "$LINENO" "freezero" "ac_cv_func_freezero"
if test "x$ac_cv_func_freezero" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_FREEZERO 1
_ACEOF
else
case " $LIBOBJS " in
*" freezero.$ac_objext "* ) ;;
*) LIBOBJS="$LIBOBJS freezero.$ac_objext"
;;
esac
for _sym in sudo_freezero; do
COMPAT_EXP="${COMPAT_EXP}${_sym}
"
done
fi
done

4
configure.ac
View File

@@ -2825,6 +2825,10 @@ AC_CHECK_FUNCS([memrchr], [], [
AC_LIBOBJ(memrchr)
SUDO_APPEND_COMPAT_EXP(sudo_memrchr)
])
AC_CHECK_FUNCS([freezero], [], [
AC_LIBOBJ(freezero)
SUDO_APPEND_COMPAT_EXP(sudo_freezero)
])
AC_CHECK_FUNCS(nanosleep, [], [
# On Solaris, nanosleep is in librt
AC_CHECK_LIB(rt, nanosleep, [

5
include/sudo_compat.h
View File

@@ -441,6 +441,11 @@ __dso_public void sudo_explicit_bzero(void *s, size_t n);
# undef explicit_bzero
# define explicit_bzero(_a, _b) sudo_explicit_bzero((_a), (_b))
#endif /* HAVE_EXPLICIT_BZERO */
#ifndef HAVE_FREEZERO
__dso_public void sudo_freezero(void *p, size_t n);
# undef freezero
# define freezero(_a, _b) sudo_freezero((_a), (_b))
#endif /* HAVE_FREEZERO */
#ifdef PREFER_PORTABLE_GETCWD
__dso_public char *sudo_getcwd(char *, size_t size);
# undef getcwd

8
lib/util/Makefile.in
View File

@@ -609,6 +609,14 @@ fnmatch.i: $(srcdir)/fnmatch.c $(incdir)/compat/charclass.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
fnmatch.plog: fnmatch.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fnmatch.c --i-file $< --output-file $@
freezero.lo: $(srcdir)/freezero.c $(incdir)/sudo_compat.h \
$(top_builddir)/config.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/freezero.c
freezero.i: $(srcdir)/freezero.c $(incdir)/sudo_compat.h \
$(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $<
freezero.plog: freezero.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/freezero.c --i-file $< --output-file $@
fstatat.lo: $(srcdir)/fstatat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/fstatat.c
fstatat.i: $(srcdir)/fstatat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h

38
lib/util/freezero.c Normal file
View File

@@ -0,0 +1,38 @@
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2020 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This is an open source non-commercial project. Dear PVS-Studio, please check it.
* PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
*/
#include <config.h>
#include <stdlib.h>
#include <string.h>
#include "sudo_compat.h"
#ifndef HAVE_FREEZERO
void
sudo_freezero(void *p, size_t n)
{
explicit_bzero(p, n);
free(p);
}
#endif /* HAVE_FREEZERO */

6
lib/util/getentropy.c
View File

@@ -613,10 +613,8 @@ getentropy_fallback(void *buf, size_t len)
}
done:
sudo_digest_free(ctx);
if (results != NULL) {
explicit_bzero(results, sizeof(results));
free(results);
}
if (results != NULL)
freezero(results, sizeof(results));
return (ret);
}

3
plugins/sudoers/auth/aix_auth.c
View File

@@ -243,8 +243,7 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co
free(message);
message = NULL;
result = authenticate(pw->pw_name, pass, &reenter, &message);
explicit_bzero(pass, strlen(pass));
free(pass);
freezero(pass, strlen(pass));
prompt = message;
} while (reenter);

3
plugins/sudoers/auth/bsdauth.c
View File

@@ -151,8 +151,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
if (pass) {
authok = auth_userresponse(as, pass, 1);
explicit_bzero(pass, strlen(pass));
free(pass);
freezero(pass, strlen(pass));
}
/* restore old signal handler */

3
plugins/sudoers/auth/fwtk.c
View File

@@ -134,8 +134,7 @@ restart:
error = AUTH_FAILURE;
done:
explicit_bzero(buf, sizeof(buf));
explicit_bzero(pass, strlen(pass));
free(pass);
freezero(pass, strlen(pass));
debug_return_int(error);
}

3
plugins/sudoers/auth/pam.c
View File

@@ -732,8 +732,7 @@ done:
struct pam_response *pr = &reply[n];
if (pr->resp != NULL) {
explicit_bzero(pr->resp, strlen(pr->resp));
free(pr->resp);
freezero(pr->resp, strlen(pr->resp));
pr->resp = NULL;
}
}

7
plugins/sudoers/auth/passwd.c
View File

@@ -100,9 +100,8 @@ sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
char *pw_epasswd = auth->data;
debug_decl(sudo_passwd_cleanup, SUDOERS_DEBUG_AUTH);
if (pw_epasswd != NULL) {
explicit_bzero(pw_epasswd, strlen(pw_epasswd));
free(pw_epasswd);
}
if (pw_epasswd != NULL)
freezero(pw_epasswd, strlen(pw_epasswd));
debug_return_int(AUTH_SUCCESS);
}

6
plugins/sudoers/auth/secureware.c
View File

@@ -101,10 +101,8 @@ sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force)
char *pw_epasswd = auth->data;
debug_decl(sudo_secureware_cleanup, SUDOERS_DEBUG_AUTH);
if (pw_epasswd != NULL) {
explicit_bzero(pw_epasswd, strlen(pw_epasswd));
free(pw_epasswd);
}
if (pw_epasswd != NULL)
freezero(pw_epasswd, strlen(pw_epasswd));
debug_return_int(AUTH_SUCCESS);
}

12
plugins/sudoers/auth/securid5.c
View File

@@ -176,10 +176,8 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_
/* Sometimes (when current token close to expire?)
ACE challenges for the next token displayed
(entered without the PIN) */
if (pass != NULL) {
explicit_bzero(pass, strlen(pass));
free(pass);
}
if (pass != NULL)
freezero(pass, strlen(pass));
pass = auth_getpass("\
!!! ATTENTION !!!\n\
Wait for the token code to change, \n\
@@ -217,10 +215,8 @@ then enter the new token code.\n", \
/* Free resources */
SD_Close(*sd);
if (pass != NULL) {
explicit_bzero(pass, strlen(pass));
free(pass);
}
if (pass != NULL)
freezero(pass, strlen(pass));
/* Return stored state to calling process */
debug_return_int(ret);

3
plugins/sudoers/auth/sia.c
View File

@@ -90,8 +90,7 @@ sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
/* Check password and zero out plaintext copy. */
rc = sia_ses_authent(NULL, pass, siah);
explicit_bzero(pass, strlen(pass));
free(pass);
freezero(pass, strlen(pass));
if (rc == SIASUCCESS)
debug_return_int(AUTH_SUCCESS);

6
plugins/sudoers/auth/sudo_auth.c
View File

@@ -325,10 +325,8 @@ verify_user(struct passwd *pw, char *prompt, int validated,
if (success != AUTH_FAILURE)
break;
}
if (pass != NULL) {
explicit_bzero(pass, strlen(pass));
free(pass);
}
if (pass != NULL)
freezero(pass, strlen(pass));
if (success != AUTH_FAILURE)
goto done;

2
scripts/mkdep.pl
View File

@@ -116,7 +116,7 @@ sub mkdep {
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
$makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:;
$makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo dup3.lo explicit_bzero.lo fchmodat.lo fstatat.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo openat.lo pipe2.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo unlinkat.lo utimens.lo vsyslog.lo:;
$makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo dup3.lo explicit_bzero.lo fchmodat.lo freezero.lo fstatat.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo openat.lo pipe2.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo unlinkat.lo utimens.lo vsyslog.lo:;
# Parse OBJS lines
my %objs;

3
src/conversation.c
View File

@@ -135,8 +135,7 @@ err:
struct sudo_conv_reply *repl = &replies[n];
if (repl->reply == NULL)
continue;
explicit_bzero(repl->reply, strlen(repl->reply));
free(repl->reply);
freezero(repl->reply, strlen(repl->reply));
repl->reply = NULL;
} while (n--);
}