From 2c8fa272240f17e4d9d801abad9710c6c09f63ab Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Wed, 15 Apr 2020 16:20:06 +1000 Subject: [PATCH] gss: use _gss_secure_release_buffer_[set] Use new helper APIs for securely zeroing and releasing buffers and buffer sets. --- lib/gssapi/krb5/export_sec_context.c | 2 +- lib/gssapi/krb5/gsskrb5_locl.h | 1 + lib/gssapi/mech/gss_cred.c | 4 ++-- lib/gssapi/mech/gss_duplicate_cred.c | 2 +- lib/gssapi/mech/gss_export_sec_context.c | 2 +- lib/gssapi/mech/gss_inquire_cred_by_oid.c | 6 +++--- lib/gssapi/mech/gss_krb5.c | 6 +++--- lib/gssapi/spnego/negoex_ctx.c | 23 ++--------------------- 8 files changed, 14 insertions(+), 32 deletions(-) diff --git a/lib/gssapi/krb5/export_sec_context.c b/lib/gssapi/krb5/export_sec_context.c index b500f4230..cba9f22f6 100644 --- a/lib/gssapi/krb5/export_sec_context.c +++ b/lib/gssapi/krb5/export_sec_context.c @@ -232,7 +232,7 @@ _gsskrb5_export_sec_context( ret = _gsskrb5_delete_sec_context (minor_status, context_handle, GSS_C_NO_BUFFER); if (ret != GSS_S_COMPLETE) - _gsskrb5_release_buffer (NULL, interprocess_token); + _gss_secure_release_buffer (&minor, interprocess_token); *minor_status = 0; return ret; failure: diff --git a/lib/gssapi/krb5/gsskrb5_locl.h b/lib/gssapi/krb5/gsskrb5_locl.h index 555d095de..e323881fa 100644 --- a/lib/gssapi/krb5/gsskrb5_locl.h +++ b/lib/gssapi/krb5/gsskrb5_locl.h @@ -44,6 +44,7 @@ #include #include #include +#include #include "cfx.h" diff --git a/lib/gssapi/mech/gss_cred.c b/lib/gssapi/mech/gss_cred.c index 1a7210e73..94642c587 100644 --- a/lib/gssapi/mech/gss_cred.c +++ b/lib/gssapi/mech/gss_cred.c 
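Review bot: In the export_sec_context.c hunk the new call `_gss_secure_release_buffer (&minor, interprocess_token)` relies on a local `minor` that is not declared anywhere in the hunk, whereas the old call passed `NULL`. _gsskrb5_export_sec_context starts above the hunk, so confirm that an `OM_uint32 minor;` exists there. The `failure:` label that follows is also outside the hunk; if that path frees a partially filled `interprocess_token`, it should use the same helper so the serialized context is scrubbed on every exit, not only when the delete fails.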
@@ -90,13 +90,13 @@ gss_export_cred(OM_uint32 * minor_status, if (buffer.length) { bytes = krb5_storage_write(sp, buffer.value, buffer.length); if (bytes < 0 || (size_t)bytes != buffer.length) { - gss_release_buffer(minor_status, &buffer); + _gss_secure_release_buffer(minor_status, &buffer); krb5_storage_free(sp); *minor_status = EINVAL; return GSS_S_FAILURE; } } - gss_release_buffer(minor_status, &buffer); + _gss_secure_release_buffer(minor_status, &buffer); } ret = krb5_storage_to_data(sp, &data); diff --git a/lib/gssapi/mech/gss_duplicate_cred.c b/lib/gssapi/mech/gss_duplicate_cred.c index 720b4b47f..0c25ce9fa 100644 --- a/lib/gssapi/mech/gss_duplicate_cred.c +++ b/lib/gssapi/mech/gss_duplicate_cred.c @@ -53,7 +53,7 @@ copy_cred_element(OM_uint32 *minor_status, major_status = m->gm_export_cred(minor_status, mc->gmc_cred, &export); if (major_status == GSS_S_COMPLETE) { major_status = m->gm_import_cred(minor_status, &export, &dup_cred); - gss_release_buffer(&tmp, &export); + _gss_secure_release_buffer(&tmp, &export); } } else { struct _gss_mechanism_name mn; diff --git a/lib/gssapi/mech/gss_export_sec_context.c b/lib/gssapi/mech/gss_export_sec_context.c index 52d83e25b..67e1d7091 100644 --- a/lib/gssapi/mech/gss_export_sec_context.c +++ b/lib/gssapi/mech/gss_export_sec_context.c @@ -84,7 +84,7 @@ gss_export_sec_context(OM_uint32 *minor_status, p[1] = m->gm_mech_oid.length; memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length); memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length); - gss_release_buffer(minor_status, &buf); + _gss_secure_release_buffer(minor_status, &buf); } else { _gss_mg_error(m, *minor_status); } diff --git a/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/lib/gssapi/mech/gss_inquire_cred_by_oid.c index 1e6c51ff4..ee5ba6085 100644 --- a/lib/gssapi/mech/gss_inquire_cred_by_oid.c +++ b/lib/gssapi/mech/gss_inquire_cred_by_oid.c 
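Review bot: In gss_export_cred the credential bytes that `_gss_secure_release_buffer(minor_status, &buffer)` now scrubs have already been copied into `sp` by `krb5_storage_write`, and on the short-write path that copy is dropped with a plain `krb5_storage_free(sp)`. Whether the storage backend clears its memory on free is not visible in this hunk, so the exported credential may still sit in freed heap after the `GSS_S_FAILURE` return. Confirm that, or record it beside the release with a comment such as `/* buffer is zeroed here; sp still holds a copy of the exported credential */`. The same question applies to the `data` filled by `krb5_storage_to_data(sp, &data)` just after the loop, whose cleanup is outside the hunk.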
@@ -58,8 +58,8 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status, m = mc->gmc_mech; if (m == NULL) { - gss_release_buffer_set(minor_status, &set); - *minor_status = 0; + _gss_secure_release_buffer_set(minor_status, &set); + minor_status = 0; return GSS_S_BAD_MECH; } @@ -79,7 +79,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status, if (status != GSS_S_COMPLETE) break; } - gss_release_buffer_set(minor_status, &rset); + _gss_secure_release_buffer_set(minor_status, &rset); } if (set == GSS_C_NO_BUFFER_SET && status == GSS_S_COMPLETE) status = GSS_S_FAILURE; diff --git a/lib/gssapi/mech/gss_krb5.c b/lib/gssapi/mech/gss_krb5.c index 8a497ae98..ebe39c446 100644 --- a/lib/gssapi/mech/gss_krb5.c +++ b/lib/gssapi/mech/gss_krb5.c @@ -383,7 +383,7 @@ gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, *rctx = ctx; out: - gss_release_buffer_set(minor_status, &data_set); + _gss_secure_release_buffer_set(minor_status, &data_set); if (sp) krb5_storage_free(sp); if (context) @@ -736,7 +736,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status, return major_status; if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { - gss_release_buffer_set(minor_status, &data_set); + _gss_secure_release_buffer_set(minor_status, &data_set); *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -757,7 +757,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status, ret = krb5_ret_keyblock(sp, *keyblock); out: - gss_release_buffer_set(minor_status, &data_set); + _gss_secure_release_buffer_set(minor_status, &data_set); if (sp) krb5_storage_free(sp); if (ret && keyblock) { diff --git a/lib/gssapi/spnego/negoex_ctx.c b/lib/gssapi/spnego/negoex_ctx.c index 1f9408901..dd4a88078 100644 --- a/lib/gssapi/spnego/negoex_ctx.c +++ b/lib/gssapi/spnego/negoex_ctx.c 
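Review bot: In the `m == NULL` branch of gss_inquire_cred_by_oid the rewritten line `minor_status = 0;` assigns to the pointer parameter instead of storing through it. The caller's minor status is therefore no longer cleared here and keeps whatever `_gss_secure_release_buffer_set` wrote. The removed line had the dereference and should be kept as `*minor_status = 0;`. A compiler will normally accept the new form without complaint because `0` is a null pointer constant, so this will not surface as a build error. The function body starts above and continues below the hunk.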
@@ -48,25 +48,6 @@ * authenticate the entire exchange. */ -static void -zero_and_release_buffer_set(gss_buffer_set_t *pBuffers) -{ - OM_uint32 tmpMinor; - gss_buffer_set_t buffers = *pBuffers; - size_t i; - - if (buffers != GSS_C_NO_BUFFER_SET) { - for (i = 0; i < buffers->count; i++) - memset_s(buffers->elements[i].value, - buffers->elements[i].length, 0, - buffers->elements[i].length); - - gss_release_buffer_set(&tmpMinor, &buffers); - } - - *pBuffers = GSS_C_NO_BUFFER_SET; -} - static OM_uint32 buffer_set_to_crypto(OM_uint32 *minor, krb5_context context, @@ -120,7 +101,7 @@ get_session_keys(OM_uint32 *minor, if (major == GSS_S_COMPLETE) { major = buffer_set_to_crypto(minor, context, buffers, &mech->crypto); - zero_and_release_buffer_set(&buffers); + _gss_secure_release_buffer_set(&tmpMinor, &buffers); if (major != GSS_S_COMPLETE) return major; } @@ -131,7 +112,7 @@ get_session_keys(OM_uint32 *minor, if (major == GSS_S_COMPLETE) { major = buffer_set_to_crypto(minor, context, buffers, &mech->verify_crypto); - zero_and_release_buffer_set(&buffers); + _gss_secure_release_buffer_set(&tmpMinor, &buffers); if (major != GSS_S_COMPLETE) return major; }
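Review bot: Both replaced calls in get_session_keys pass `&tmpMinor`, but the only `tmpMinor` declaration visible in this file section is inside the deleted `zero_and_release_buffer_set`, so get_session_keys needs its own `OM_uint32 tmpMinor;` unless one already exists above the hunk. The deleted helper also tolerated `GSS_C_NO_BUFFER_SET`, wiped each element with `memset_s` rather than a `memset` the optimizer may drop, and always reset the handle to `GSS_C_NO_BUFFER_SET`. The shared helper's definition is not part of this patch, so check that it keeps all three properties. The reset is relevant because `buffers` is reused for the second lookup that fills `&mech->verify_crypto`, and a stale pointer there would be a double-release hazard if that lookup leaves `buffers` untouched on failure. Once confirmed, a comment at the first call such as `/* zeroes the key bytes and resets buffers to GSS_C_NO_BUFFER_SET */` would document the contract.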