use memset_s
lib roken includes support for memset_s() but it was not applied to the Heimdal source tree. Change-Id: I8362ec97a9be50205bb2d398e65b629b88ce1acd
This commit is contained in:
Jeffrey Altman
@@ -180,9 +180,9 @@ ARCFOUR_subencrypt(krb5_context context,
|
||||
EVP_Cipher(&ctx, cdata + 16, cdata + 16, len - 16);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
memset (k1_c_data, 0, sizeof(k1_c_data));
|
||||
memset (k2_c_data, 0, sizeof(k2_c_data));
|
||||
memset (k3_c_data, 0, sizeof(k3_c_data));
|
||||
memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data));
|
||||
memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data));
|
||||
memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -247,9 +247,9 @@ ARCFOUR_subdecrypt(krb5_context context,
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
memset (k1_c_data, 0, sizeof(k1_c_data));
|
||||
memset (k2_c_data, 0, sizeof(k2_c_data));
|
||||
memset (k3_c_data, 0, sizeof(k3_c_data));
|
||||
memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data));
|
||||
memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data));
|
||||
memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data));
|
||||
|
||||
if (ct_memcmp (cksum.checksum.data, data, 16) != 0) {
|
||||
krb5_clear_error_message (context);
|
||||
|
||||
@@ -77,7 +77,7 @@ _krb5_des_checksum(krb5_context context,
|
||||
EVP_DigestUpdate(m, data, len);
|
||||
EVP_DigestFinal_ex (m, p + 8, NULL);
|
||||
EVP_MD_CTX_destroy(m);
|
||||
memset (&ivec, 0, sizeof(ivec));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
|
||||
EVP_Cipher(&ctx->ectx, p, p, 24);
|
||||
|
||||
@@ -103,7 +103,7 @@ _krb5_des_verify(krb5_context context,
|
||||
if (m == NULL)
|
||||
return krb5_enomem(context);
|
||||
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1);
|
||||
EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24);
|
||||
|
||||
@@ -116,8 +116,8 @@ _krb5_des_verify(krb5_context context,
|
||||
krb5_clear_error_message (context);
|
||||
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
|
||||
}
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
memset(res, 0, sizeof(res));
|
||||
memset_s(tmp, sizeof(tmp), 0, sizeof(tmp));
|
||||
memset_s(res, sizeof(res), 0, sizeof(res));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -92,12 +92,12 @@ _krb5_pk_octetstring2key(krb5_context context,
|
||||
offset += sizeof(shaoutput);
|
||||
counter++;
|
||||
} while(offset < keylen);
|
||||
memset(shaoutput, 0, sizeof(shaoutput));
|
||||
memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput));
|
||||
|
||||
EVP_MD_CTX_destroy(m);
|
||||
|
||||
ret = krb5_random_to_key(context, type, keydata, keylen, key);
|
||||
memset(keydata, 0, sizeof(keylen));
|
||||
memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));
|
||||
free(keydata);
|
||||
return ret;
|
||||
}
|
||||
@@ -282,13 +282,13 @@ _krb5_pk_kdf(krb5_context context,
|
||||
offset += EVP_MD_CTX_size(m);
|
||||
counter++;
|
||||
} while(offset < keylen);
|
||||
memset(shaoutput, 0, sizeof(shaoutput));
|
||||
memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput));
|
||||
|
||||
EVP_MD_CTX_destroy(m);
|
||||
free(other.data);
|
||||
|
||||
ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
|
||||
memset(keydata, 0, sizeof(keylen));
|
||||
memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));
|
||||
free(keydata);
|
||||
|
||||
return ret;
|
||||
|
||||
@@ -207,7 +207,7 @@ krb5_password_key_proc (krb5_context context,
|
||||
password = buf;
|
||||
}
|
||||
ret = krb5_string_to_key_salt (context, type, password, salt, *key);
|
||||
memset (buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -162,7 +162,9 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
|
||||
if (ctx->keytab_data)
|
||||
free(ctx->keytab_data);
|
||||
if (ctx->password) {
|
||||
memset(ctx->password, 0, strlen(ctx->password));
|
||||
size_t len;
|
||||
len = strlen(ctx->password);
|
||||
memset_s(ctx->password, len, 0, len);
|
||||
free(ctx->password);
|
||||
}
|
||||
/*
|
||||
@@ -189,7 +191,7 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
|
||||
free_paid(context, ctx->ppaid);
|
||||
free(ctx->ppaid);
|
||||
}
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -629,8 +631,8 @@ change_password (krb5_context context,
|
||||
}
|
||||
|
||||
out:
|
||||
memset (buf1, 0, sizeof(buf1));
|
||||
memset (buf2, 0, sizeof(buf2));
|
||||
memset_s(buf1, sizeof(buf1), 0, sizeof(buf1));
|
||||
memset_s(buf2, sizeof(buf2), 0, sizeof(buf2));
|
||||
krb5_data_free (&result_string);
|
||||
krb5_data_free (&result_code_string);
|
||||
krb5_free_cred_contents (context, &cpw_cred);
|
||||
@@ -756,7 +758,7 @@ init_as_req (krb5_context context,
|
||||
return 0;
|
||||
fail:
|
||||
free_AS_REQ(a);
|
||||
memset(a, 0, sizeof(*a));
|
||||
memset_s(a, sizeof(*a), 0, sizeof(*a));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1501,7 +1503,9 @@ krb5_init_creds_set_password(krb5_context context,
|
||||
const char *password)
|
||||
{
|
||||
if (ctx->password) {
|
||||
memset(ctx->password, 0, strlen(ctx->password));
|
||||
size_t len;
|
||||
len = strlen(ctx->password);
|
||||
memset_s(ctx->password, len, 0, len);
|
||||
free(ctx->password);
|
||||
}
|
||||
if (password) {
|
||||
@@ -2317,7 +2321,7 @@ krb5_init_creds_step(krb5_context context,
|
||||
if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {
|
||||
|
||||
free_METHOD_DATA(&ctx->md);
|
||||
memset(&ctx->md, 0, sizeof(ctx->md));
|
||||
memset_s(&ctx->md, sizeof(ctx->md), 0, sizeof(ctx->md));
|
||||
|
||||
if (ctx->error.e_data) {
|
||||
ret = decode_METHOD_DATA(ctx->error.e_data->data,
|
||||
@@ -2371,7 +2375,7 @@ krb5_init_creds_step(krb5_context context,
|
||||
}
|
||||
|
||||
free_AS_REQ(&ctx->as_req);
|
||||
memset(&ctx->as_req, 0, sizeof(ctx->as_req));
|
||||
memset_s(&ctx->as_req, sizeof(ctx->as_req), 0, sizeof(ctx->as_req));
|
||||
|
||||
ctx->used_pa_types = 0;
|
||||
} else if (ret == KRB5KDC_ERR_KEY_EXP && ctx->runflags.change_password == 0 && ctx->prompter) {
|
||||
@@ -2685,7 +2689,7 @@ krb5_get_init_creds_password(krb5_context context,
|
||||
ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
|
||||
free (q);
|
||||
if (ret) {
|
||||
memset (buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
ret = KRB5_LIBOS_PWDINTR;
|
||||
krb5_clear_error_message (context);
|
||||
goto out;
|
||||
@@ -2741,8 +2745,8 @@ krb5_get_init_creds_password(krb5_context context,
|
||||
if (ctx)
|
||||
krb5_init_creds_free(context, ctx);
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset(buf2, 0, sizeof(buf2));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
memset_s(buf2, sizeof(buf), 0, sizeof(buf2));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -224,7 +224,7 @@ kcm_free(krb5_context context, krb5_ccache *id)
|
||||
if (k != NULL) {
|
||||
if (k->name != NULL)
|
||||
free(k->name);
|
||||
memset(k, 0, sizeof(*k));
|
||||
memset_s(k, sizeof(*k), 0, sizeof(*k));
|
||||
krb5_data_free(&(*id)->data);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -109,7 +109,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
|
||||
memset(&schedule, 0, sizeof(schedule));
|
||||
memset(&temp_key, 0, sizeof(temp_key));
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset(password, 0, sizeof(password));
|
||||
memset_s(password, sizeof(password), 0, sizeof(password));
|
||||
|
||||
DES_set_odd_parity (key);
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ DES3_string_to_key(krb5_context context,
|
||||
|
||||
ret = _krb5_n_fold(str, len, tmp, 24);
|
||||
if (ret) {
|
||||
memset(str, 0, len);
|
||||
memset_s(str, len, 0, len);
|
||||
free(str);
|
||||
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
|
||||
return ret;
|
||||
@@ -74,24 +74,24 @@ DES3_string_to_key(krb5_context context,
|
||||
_krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
|
||||
DES_set_key_unchecked(keys + i, &s[i]);
|
||||
}
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
DES_ede3_cbc_encrypt(tmp,
|
||||
tmp, sizeof(tmp),
|
||||
&s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
|
||||
memset(s, 0, sizeof(s));
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset_s(s, sizeof(s), 0, sizeof(s));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
for(i = 0; i < 3; i++){
|
||||
memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
|
||||
DES_set_odd_parity(keys + i);
|
||||
if(DES_is_weak_key(keys + i))
|
||||
_krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
|
||||
}
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
memset_s(tmp, sizeof(tmp), 0, sizeof(tmp));
|
||||
}
|
||||
key->keytype = enctype;
|
||||
krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
|
||||
memset(keys, 0, sizeof(keys));
|
||||
memset(str, 0, len);
|
||||
memset_s(keys, sizeof(keys), 0, sizeof(keys));
|
||||
memset_s(str, sizeof(str), 0, len);
|
||||
free(str);
|
||||
return 0;
|
||||
}
|
||||
@@ -119,7 +119,7 @@ DES3_string_to_key_derived(krb5_context context,
|
||||
len,
|
||||
enctype,
|
||||
key);
|
||||
memset(s, 0, len);
|
||||
memset_s(s, len, 0, len);
|
||||
free(s);
|
||||
return ret;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user