mirror of
https://github.com/irungentoo/toxcore.git
synced 2024-03-22 13:30:51 +08:00
fix: replace memset with sodium_memzero for sensitive data
This commit is contained in:
parent
7d66c70037
commit
23b0c9cded
|
@ -251,7 +251,7 @@ static int handle_handshake(TCP_Client_Connection *TCP_conn, const uint8_t *data
|
||||||
|
|
||||||
memcpy(TCP_conn->recv_nonce, plain + crypto_box_PUBLICKEYBYTES, crypto_box_NONCEBYTES);
|
memcpy(TCP_conn->recv_nonce, plain + crypto_box_PUBLICKEYBYTES, crypto_box_NONCEBYTES);
|
||||||
encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key);
|
encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key);
|
||||||
memset(TCP_conn->temp_secret_key, 0, crypto_box_SECRETKEYBYTES);
|
sodium_memzero(TCP_conn->temp_secret_key, crypto_box_SECRETKEYBYTES);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -962,6 +962,6 @@ void kill_TCP_connection(TCP_Client_Connection *TCP_connection)
|
||||||
|
|
||||||
wipe_priority_list(TCP_connection);
|
wipe_priority_list(TCP_connection);
|
||||||
kill_sock(TCP_connection->sock);
|
kill_sock(TCP_connection->sock);
|
||||||
memset(TCP_connection, 0, sizeof(TCP_Client_Connection));
|
sodium_memzero(TCP_connection, sizeof(TCP_Client_Connection));
|
||||||
free(TCP_connection);
|
free(TCP_connection);
|
||||||
}
|
}
|
||||||
|
|
|
@ -169,7 +169,7 @@ static int del_accepted(TCP_Server *TCP_server, int index)
|
||||||
if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index))
|
if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
memset(&TCP_server->accepted_connection_array[index], 0, sizeof(TCP_Secure_Connection));
|
sodium_memzero(&TCP_server->accepted_connection_array[index], sizeof(TCP_Secure_Connection));
|
||||||
--TCP_server->num_accepted_connections;
|
--TCP_server->num_accepted_connections;
|
||||||
|
|
||||||
if (TCP_server->num_accepted_connections == 0)
|
if (TCP_server->num_accepted_connections == 0)
|
||||||
|
@ -447,7 +447,7 @@ static int write_packet_TCP_secure_connection(TCP_Secure_Connection *con, const
|
||||||
static void kill_TCP_connection(TCP_Secure_Connection *con)
|
static void kill_TCP_connection(TCP_Secure_Connection *con)
|
||||||
{
|
{
|
||||||
kill_sock(con->sock);
|
kill_sock(con->sock);
|
||||||
memset(con, 0, sizeof(TCP_Secure_Connection));
|
sodium_memzero(con, sizeof(TCP_Secure_Connection));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int rm_connection_index(TCP_Server *TCP_server, TCP_Secure_Connection *con, uint8_t con_number);
|
static int rm_connection_index(TCP_Server *TCP_server, TCP_Secure_Connection *con, uint8_t con_number);
|
||||||
|
@ -868,7 +868,7 @@ static int confirm_TCP_connection(TCP_Server *TCP_server, TCP_Secure_Connection
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(con, 0, sizeof(TCP_Secure_Connection));
|
sodium_memzero(con, sizeof(TCP_Secure_Connection));
|
||||||
|
|
||||||
if (handle_TCP_packet(TCP_server, index, data, length) == -1) {
|
if (handle_TCP_packet(TCP_server, index, data, length) == -1) {
|
||||||
kill_accepted(TCP_server, index);
|
kill_accepted(TCP_server, index);
|
||||||
|
@ -1056,7 +1056,7 @@ static int do_incoming(TCP_Server *TCP_server, uint32_t i)
|
||||||
kill_TCP_connection(conn_new);
|
kill_TCP_connection(conn_new);
|
||||||
|
|
||||||
memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection));
|
memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection));
|
||||||
memset(conn_old, 0, sizeof(TCP_Secure_Connection));
|
sodium_memzero(conn_old, sizeof(TCP_Secure_Connection));
|
||||||
++TCP_server->unconfirmed_connection_queue_index;
|
++TCP_server->unconfirmed_connection_queue_index;
|
||||||
|
|
||||||
return index_new;
|
return index_new;
|
||||||
|
|
|
@ -94,7 +94,7 @@ int remove_request_received(Friend_Requests *fr, const uint8_t *real_pk)
|
||||||
|
|
||||||
for (i = 0; i < MAX_RECEIVED_STORED; ++i) {
|
for (i = 0; i < MAX_RECEIVED_STORED; ++i) {
|
||||||
if (id_equal(fr->received_requests[i], real_pk)) {
|
if (id_equal(fr->received_requests[i], real_pk)) {
|
||||||
memset(fr->received_requests[i], 0, crypto_box_PUBLICKEYBYTES);
|
sodium_memzero(fr->received_requests[i], crypto_box_PUBLICKEYBYTES);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -106,7 +106,7 @@ static int wipe_group_chat(Group_Chats *g_c, int groupnumber)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
uint32_t i;
|
uint32_t i;
|
||||||
memset(&(g_c->chats[groupnumber]), 0 , sizeof(Group_c));
|
sodium_memzero(&(g_c->chats[groupnumber]), sizeof(Group_c));
|
||||||
|
|
||||||
for (i = g_c->num_chats; i != 0; --i) {
|
for (i = g_c->num_chats; i != 0; --i) {
|
||||||
if (g_c->chats[i - 1].status != GROUPCHAT_STATUS_NONE)
|
if (g_c->chats[i - 1].status != GROUPCHAT_STATUS_NONE)
|
||||||
|
@ -2011,7 +2011,7 @@ static unsigned int lossy_packet_not_received(Group_c *g, int peer_index, uint16
|
||||||
uint16_t top_distance = message_number - g->group[peer_index].top_lossy_number;
|
uint16_t top_distance = message_number - g->group[peer_index].top_lossy_number;
|
||||||
|
|
||||||
if (top_distance >= MAX_LOSSY_COUNT) {
|
if (top_distance >= MAX_LOSSY_COUNT) {
|
||||||
memset(g->group[peer_index].recv_lossy, 0, sizeof(g->group[peer_index].recv_lossy));
|
sodium_memzero(g->group[peer_index].recv_lossy, sizeof(g->group[peer_index].recv_lossy));
|
||||||
g->group[peer_index].top_lossy_number = message_number;
|
g->group[peer_index].top_lossy_number = message_number;
|
||||||
g->group[peer_index].bottom_lossy_number = (message_number - MAX_LOSSY_COUNT) + 1;
|
g->group[peer_index].bottom_lossy_number = (message_number - MAX_LOSSY_COUNT) + 1;
|
||||||
g->group[peer_index].recv_lossy[message_number % MAX_LOSSY_COUNT] = 1;
|
g->group[peer_index].recv_lossy[message_number % MAX_LOSSY_COUNT] = 1;
|
||||||
|
|
|
@ -1518,7 +1518,7 @@ static int wipe_crypto_connection(Net_Crypto *c, int crypt_connection_id)
|
||||||
|
|
||||||
/* Keep mutex, only destroy it when connection is realloced out. */
|
/* Keep mutex, only destroy it when connection is realloced out. */
|
||||||
pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex;
|
pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex;
|
||||||
memset(&(c->crypto_connections[crypt_connection_id]), 0 , sizeof(Crypto_Connection));
|
sodium_memzero(&(c->crypto_connections[crypt_connection_id]), sizeof(Crypto_Connection));
|
||||||
c->crypto_connections[crypt_connection_id].mutex = mutex;
|
c->crypto_connections[crypt_connection_id].mutex = mutex;
|
||||||
|
|
||||||
for (i = c->crypto_connections_length; i != 0; --i) {
|
for (i = c->crypto_connections_length; i != 0; --i) {
|
||||||
|
@ -2709,6 +2709,6 @@ void kill_net_crypto(Net_Crypto *c)
|
||||||
networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL);
|
networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL);
|
||||||
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL);
|
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL);
|
||||||
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL);
|
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL);
|
||||||
memset(c, 0, sizeof(Net_Crypto));
|
sodium_memzero(c, sizeof(Net_Crypto));
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1060,7 +1060,7 @@ int onion_delfriend(Onion_Client *onion_c, int friend_num)
|
||||||
//if (onion_c->friends_list[friend_num].know_dht_public_key)
|
//if (onion_c->friends_list[friend_num].know_dht_public_key)
|
||||||
// DHT_delfriend(onion_c->dht, onion_c->friends_list[friend_num].dht_public_key, 0);
|
// DHT_delfriend(onion_c->dht, onion_c->friends_list[friend_num].dht_public_key, 0);
|
||||||
|
|
||||||
memset(&(onion_c->friends_list[friend_num]), 0, sizeof(Onion_Friend));
|
sodium_memzero(&(onion_c->friends_list[friend_num]), sizeof(Onion_Friend));
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
for (i = onion_c->num_friends; i != 0; --i) {
|
for (i = onion_c->num_friends; i != 0; --i) {
|
||||||
|
@ -1523,7 +1523,7 @@ void kill_onion_client(Onion_Client *onion_c)
|
||||||
oniondata_registerhandler(onion_c, ONION_DATA_DHTPK, NULL, NULL);
|
oniondata_registerhandler(onion_c, ONION_DATA_DHTPK, NULL, NULL);
|
||||||
cryptopacket_registerhandler(onion_c->dht, CRYPTO_PACKET_DHTPK, NULL, NULL);
|
cryptopacket_registerhandler(onion_c->dht, CRYPTO_PACKET_DHTPK, NULL, NULL);
|
||||||
set_onion_packet_tcp_connection_callback(onion_c->c->tcp_c, NULL, NULL);
|
set_onion_packet_tcp_connection_callback(onion_c->c->tcp_c, NULL, NULL);
|
||||||
memset(onion_c, 0, sizeof(Onion_Client));
|
sodium_memzero(onion_c, sizeof(Onion_Client));
|
||||||
free(onion_c);
|
free(onion_c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user