gss: use _gss_secure_release_buffer_[set]

Use new helper APIs for securely zeroing and releasing buffers and buffer sets.
2020-04-15 16:20:06 +10:00
parent 689eef20ec
commit 2c8fa27224
8 changed files with 14 additions and 32 deletions
--- a/lib/gssapi/krb5/export_sec_context.c
+++ b/lib/gssapi/krb5/export_sec_context.c
@@ -232,7 +232,7 @@ _gsskrb5_export_sec_context(
    ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
 				       GSS_C_NO_BUFFER);
    if (ret != GSS_S_COMPLETE)
-	_gsskrb5_release_buffer (NULL, interprocess_token);
+	_gss_secure_release_buffer (&minor, interprocess_token);
    *minor_status = 0;
    return ret;
 failure:
--- a/lib/gssapi/krb5/gsskrb5_locl.h
+++ b/lib/gssapi/krb5/gsskrb5_locl.h
@@ -44,6 +44,7 @@
 #include <gssapi_mech.h>
 #include <gssapi_krb5.h>
 #include <assert.h>
+#include <mech/utils.h>

 #include "cfx.h"

--- a/lib/gssapi/mech/gss_cred.c
+++ b/lib/gssapi/mech/gss_cred.c
@@ -90,13 +90,13 @@ gss_export_cred(OM_uint32 * minor_status,
 	if (buffer.length) {
 	    bytes = krb5_storage_write(sp, buffer.value, buffer.length);
 	    if (bytes < 0 || (size_t)bytes != buffer.length) {
-		gss_release_buffer(minor_status, &buffer);
+		_gss_secure_release_buffer(minor_status, &buffer);
 		krb5_storage_free(sp);
 		*minor_status = EINVAL;
 		return GSS_S_FAILURE;
 	    }
 	}
-	gss_release_buffer(minor_status, &buffer);
+	_gss_secure_release_buffer(minor_status, &buffer);
    }

    ret = krb5_storage_to_data(sp, &data);
--- a/lib/gssapi/mech/gss_duplicate_cred.c
+++ b/lib/gssapi/mech/gss_duplicate_cred.c
@@ -53,7 +53,7 @@ copy_cred_element(OM_uint32 *minor_status,
 	major_status = m->gm_export_cred(minor_status, mc->gmc_cred, &export);
 	if (major_status == GSS_S_COMPLETE) {
 	    major_status = m->gm_import_cred(minor_status, &export, &dup_cred);
-	    gss_release_buffer(&tmp, &export);
+	    _gss_secure_release_buffer(&tmp, &export);
 	}
    } else {
 	struct _gss_mechanism_name mn;
--- a/lib/gssapi/mech/gss_export_sec_context.c
+++ b/lib/gssapi/mech/gss_export_sec_context.c
@@ -84,7 +84,7 @@ gss_export_sec_context(OM_uint32 *minor_status,
 		p[1] = m->gm_mech_oid.length;
 		memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length);
 		memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length);
-		gss_release_buffer(minor_status, &buf);
+		_gss_secure_release_buffer(minor_status, &buf);
 	} else {
 		_gss_mg_error(m, *minor_status);
 	}
--- a/lib/gssapi/mech/gss_inquire_cred_by_oid.c
+++ b/lib/gssapi/mech/gss_inquire_cred_by_oid.c
@@ -58,8 +58,8 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,

 		m = mc->gmc_mech;
 		if (m == NULL) {
-	       		gss_release_buffer_set(minor_status, &set);
-			*minor_status = 0;
+			_gss_secure_release_buffer_set(minor_status, &set);
+			minor_status = 0;
 			return GSS_S_BAD_MECH;
 		}

@@ -79,7 +79,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
 			if (status != GSS_S_COMPLETE)
 				break;
 		}
-		gss_release_buffer_set(minor_status, &rset);
+		_gss_secure_release_buffer_set(minor_status, &rset);
 	}
 	if (set == GSS_C_NO_BUFFER_SET && status == GSS_S_COMPLETE)
 		status = GSS_S_FAILURE;
--- a/lib/gssapi/mech/gss_krb5.c
+++ b/lib/gssapi/mech/gss_krb5.c
@@ -383,7 +383,7 @@ gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
    *rctx = ctx;

 out:
-    gss_release_buffer_set(minor_status, &data_set);
+    _gss_secure_release_buffer_set(minor_status, &data_set);
    if (sp)
 	krb5_storage_free(sp);
    if (context)
@@ -736,7 +736,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status,
 	return major_status;

    if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
-	gss_release_buffer_set(minor_status, &data_set);
+	_gss_secure_release_buffer_set(minor_status, &data_set);
 	*minor_status = EINVAL;
 	return GSS_S_FAILURE;
    }
@@ -757,7 +757,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status,
    ret = krb5_ret_keyblock(sp, *keyblock);

 out:
-    gss_release_buffer_set(minor_status, &data_set);
+    _gss_secure_release_buffer_set(minor_status, &data_set);
    if (sp)
 	krb5_storage_free(sp);
    if (ret && keyblock) {
--- a/lib/gssapi/spnego/negoex_ctx.c
+++ b/lib/gssapi/spnego/negoex_ctx.c
@@ -48,25 +48,6 @@
 * authenticate the entire exchange.
 */

-static void
-zero_and_release_buffer_set(gss_buffer_set_t *pBuffers)
-{
-    OM_uint32 tmpMinor;
-    gss_buffer_set_t buffers = *pBuffers;
-    size_t i;
-
-    if (buffers != GSS_C_NO_BUFFER_SET) {
-	for (i = 0; i < buffers->count; i++)
-	    memset_s(buffers->elements[i].value,
-		     buffers->elements[i].length, 0,
-		     buffers->elements[i].length);
-
-	gss_release_buffer_set(&tmpMinor, &buffers);
-    }
-
-    *pBuffers = GSS_C_NO_BUFFER_SET;
-}
-
 static OM_uint32
 buffer_set_to_crypto(OM_uint32 *minor,
 		     krb5_context context,
@@ -120,7 +101,7 @@ get_session_keys(OM_uint32 *minor,
    if (major == GSS_S_COMPLETE) {
 	major = buffer_set_to_crypto(minor, context,
 				     buffers, &mech->crypto);
-	zero_and_release_buffer_set(&buffers);
+	_gss_secure_release_buffer_set(&tmpMinor, &buffers);
 	if (major != GSS_S_COMPLETE)
 	    return major;
    }
@@ -131,7 +112,7 @@ get_session_keys(OM_uint32 *minor,
    if (major == GSS_S_COMPLETE) {
 	major = buffer_set_to_crypto(minor, context,
 				     buffers, &mech->verify_crypto);
-	zero_and_release_buffer_set(&buffers);
+	_gss_secure_release_buffer_set(&tmpMinor, &buffers);
 	if (major != GSS_S_COMPLETE)
 	    return major;
    }