fix: replace memset with sodium_memzero for sensitive data

Roman Proskuryakov 2016-01-24 05:55:25 +03:00
parent 7d66c70037
commit 23b0c9cded
6 changed files with 13 additions and 13 deletions


@ -251,7 +251,7 @@ static int handle_handshake(TCP_Client_Connection *TCP_conn, const uint8_t *data
memcpy(TCP_conn->recv_nonce, plain + crypto_box_PUBLICKEYBYTES, crypto_box_NONCEBYTES); memcpy(TCP_conn->recv_nonce, plain + crypto_box_PUBLICKEYBYTES, crypto_box_NONCEBYTES);
encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key); encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key);
memset(TCP_conn->temp_secret_key, 0, crypto_box_SECRETKEYBYTES); sodium_memzero(TCP_conn->temp_secret_key, crypto_box_SECRETKEYBYTES);
return 0; return 0;
} }
@ -962,6 +962,6 @@ void kill_TCP_connection(TCP_Client_Connection *TCP_connection)
wipe_priority_list(TCP_connection); wipe_priority_list(TCP_connection);
kill_sock(TCP_connection->sock); kill_sock(TCP_connection->sock);
memset(TCP_connection, 0, sizeof(TCP_Client_Connection)); sodium_memzero(TCP_connection, sizeof(TCP_Client_Connection));
free(TCP_connection); free(TCP_connection);
} }
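Review bot: All 13 changed lines swap the call and nothing else, so no include or fallback for `sodium_memzero` is added in any of the six files; every call site relies on a libsodium header already reaching it indirectly. If the project can also be built against a crypto library that lacks this function (not visible on this page), that build would stop compiling, and a single wrapper that falls back to another non-elidable wipe would keep it working. The wrapper, or failing that the wipe in kill_TCP_connection, is also the place for the rationale, e.g. `/* a memset() right before free() can be removed as a dead store; this wipe cannot */`. The same applies to the other five file sections; handle_handshake and kill_TCP_connection both start outside the visible hunks.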


@ -169,7 +169,7 @@ static int del_accepted(TCP_Server *TCP_server, int index)
if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index)) if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index))
return -1; return -1;
memset(&TCP_server->accepted_connection_array[index], 0, sizeof(TCP_Secure_Connection)); sodium_memzero(&TCP_server->accepted_connection_array[index], sizeof(TCP_Secure_Connection));
--TCP_server->num_accepted_connections; --TCP_server->num_accepted_connections;
if (TCP_server->num_accepted_connections == 0) if (TCP_server->num_accepted_connections == 0)
@ -447,7 +447,7 @@ static int write_packet_TCP_secure_connection(TCP_Secure_Connection *con, const
static void kill_TCP_connection(TCP_Secure_Connection *con) static void kill_TCP_connection(TCP_Secure_Connection *con)
{ {
kill_sock(con->sock); kill_sock(con->sock);
memset(con, 0, sizeof(TCP_Secure_Connection)); sodium_memzero(con, sizeof(TCP_Secure_Connection));
} }
static int rm_connection_index(TCP_Server *TCP_server, TCP_Secure_Connection *con, uint8_t con_number); static int rm_connection_index(TCP_Server *TCP_server, TCP_Secure_Connection *con, uint8_t con_number);
@ -868,7 +868,7 @@ static int confirm_TCP_connection(TCP_Server *TCP_server, TCP_Secure_Connection
return -1; return -1;
} }
memset(con, 0, sizeof(TCP_Secure_Connection)); sodium_memzero(con, sizeof(TCP_Secure_Connection));
if (handle_TCP_packet(TCP_server, index, data, length) == -1) { if (handle_TCP_packet(TCP_server, index, data, length) == -1) {
kill_accepted(TCP_server, index); kill_accepted(TCP_server, index);
@ -1056,7 +1056,7 @@ static int do_incoming(TCP_Server *TCP_server, uint32_t i)
kill_TCP_connection(conn_new); kill_TCP_connection(conn_new);
memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection)); memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection));
memset(conn_old, 0, sizeof(TCP_Secure_Connection)); sodium_memzero(conn_old, sizeof(TCP_Secure_Connection));
++TCP_server->unconfirmed_connection_queue_index; ++TCP_server->unconfirmed_connection_queue_index;
return index_new; return index_new;


@ -94,7 +94,7 @@ int remove_request_received(Friend_Requests *fr, const uint8_t *real_pk)
for (i = 0; i < MAX_RECEIVED_STORED; ++i) { for (i = 0; i < MAX_RECEIVED_STORED; ++i) {
if (id_equal(fr->received_requests[i], real_pk)) { if (id_equal(fr->received_requests[i], real_pk)) {
memset(fr->received_requests[i], 0, crypto_box_PUBLICKEYBYTES); sodium_memzero(fr->received_requests[i], crypto_box_PUBLICKEYBYTES);
return 0; return 0;
} }
} }


@ -106,7 +106,7 @@ static int wipe_group_chat(Group_Chats *g_c, int groupnumber)
return -1; return -1;
uint32_t i; uint32_t i;
memset(&(g_c->chats[groupnumber]), 0 , sizeof(Group_c)); sodium_memzero(&(g_c->chats[groupnumber]), sizeof(Group_c));
for (i = g_c->num_chats; i != 0; --i) { for (i = g_c->num_chats; i != 0; --i) {
if (g_c->chats[i - 1].status != GROUPCHAT_STATUS_NONE) if (g_c->chats[i - 1].status != GROUPCHAT_STATUS_NONE)
@ -2011,7 +2011,7 @@ static unsigned int lossy_packet_not_received(Group_c *g, int peer_index, uint16
uint16_t top_distance = message_number - g->group[peer_index].top_lossy_number; uint16_t top_distance = message_number - g->group[peer_index].top_lossy_number;
if (top_distance >= MAX_LOSSY_COUNT) { if (top_distance >= MAX_LOSSY_COUNT) {
memset(g->group[peer_index].recv_lossy, 0, sizeof(g->group[peer_index].recv_lossy)); sodium_memzero(g->group[peer_index].recv_lossy, sizeof(g->group[peer_index].recv_lossy));
g->group[peer_index].top_lossy_number = message_number; g->group[peer_index].top_lossy_number = message_number;
g->group[peer_index].bottom_lossy_number = (message_number - MAX_LOSSY_COUNT) + 1; g->group[peer_index].bottom_lossy_number = (message_number - MAX_LOSSY_COUNT) + 1;
g->group[peer_index].recv_lossy[message_number % MAX_LOSSY_COUNT] = 1; g->group[peer_index].recv_lossy[message_number % MAX_LOSSY_COUNT] = 1;
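Review bot: In lossy_packet_not_received the wiped buffer is `recv_lossy`, which the lines right after it use as per-message receipt flags (`recv_lossy[message_number % MAX_LOSSY_COUNT] = 1`), not as key material. The array stays live and is written again immediately, so a plain memset here is not a dead store the optimiser could drop. Keeping `memset(g->group[peer_index].recv_lossy, 0, sizeof(g->group[peer_index].recv_lossy));` at this site would leave `sodium_memzero` as a reliable marker for the places that really hold secrets, such as the whole-struct wipe in wipe_group_chat. The function body continues outside the hunk.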


@ -1518,7 +1518,7 @@ static int wipe_crypto_connection(Net_Crypto *c, int crypt_connection_id)
/* Keep mutex, only destroy it when connection is realloced out. */ /* Keep mutex, only destroy it when connection is realloced out. */
pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex; pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex;
memset(&(c->crypto_connections[crypt_connection_id]), 0 , sizeof(Crypto_Connection)); sodium_memzero(&(c->crypto_connections[crypt_connection_id]), sizeof(Crypto_Connection));
c->crypto_connections[crypt_connection_id].mutex = mutex; c->crypto_connections[crypt_connection_id].mutex = mutex;
for (i = c->crypto_connections_length; i != 0; --i) { for (i = c->crypto_connections_length; i != 0; --i) {
@ -2709,6 +2709,6 @@ void kill_net_crypto(Net_Crypto *c)
networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL); networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL);
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL); networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL);
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL); networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL);
memset(c, 0, sizeof(Net_Crypto)); sodium_memzero(c, sizeof(Net_Crypto));
free(c); free(c);
} }
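Review bot: In wipe_crypto_connection the mutex is saved by struct assignment, wiped together with the rest of the Crypto_Connection, and then assigned back. POSIX does not define the behaviour of a copied `pthread_mutex_t`, and any thread that reaches the mutex between the wipe and the restore would see a zeroed object (whether that can happen depends on callers not shown here). The pattern predates this commit, but since the line is being rewritten it would be safer to wipe only the members around `mutex`, for example with two `sodium_memzero` calls bounded by `offsetof(Crypto_Connection, mutex)`, so the mutex is never copied or cleared. A short comment naming which members hold key material would also help the next reader judge the wipe; the function starts and ends outside the hunk.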


@ -1060,7 +1060,7 @@ int onion_delfriend(Onion_Client *onion_c, int friend_num)
//if (onion_c->friends_list[friend_num].know_dht_public_key) //if (onion_c->friends_list[friend_num].know_dht_public_key)
// DHT_delfriend(onion_c->dht, onion_c->friends_list[friend_num].dht_public_key, 0); // DHT_delfriend(onion_c->dht, onion_c->friends_list[friend_num].dht_public_key, 0);
memset(&(onion_c->friends_list[friend_num]), 0, sizeof(Onion_Friend)); sodium_memzero(&(onion_c->friends_list[friend_num]), sizeof(Onion_Friend));
unsigned int i; unsigned int i;
for (i = onion_c->num_friends; i != 0; --i) { for (i = onion_c->num_friends; i != 0; --i) {
@ -1523,7 +1523,7 @@ void kill_onion_client(Onion_Client *onion_c)
oniondata_registerhandler(onion_c, ONION_DATA_DHTPK, NULL, NULL); oniondata_registerhandler(onion_c, ONION_DATA_DHTPK, NULL, NULL);
cryptopacket_registerhandler(onion_c->dht, CRYPTO_PACKET_DHTPK, NULL, NULL); cryptopacket_registerhandler(onion_c->dht, CRYPTO_PACKET_DHTPK, NULL, NULL);
set_onion_packet_tcp_connection_callback(onion_c->c->tcp_c, NULL, NULL); set_onion_packet_tcp_connection_callback(onion_c->c->tcp_c, NULL, NULL);
memset(onion_c, 0, sizeof(Onion_Client)); sodium_memzero(onion_c, sizeof(Onion_Client));
free(onion_c); free(onion_c);
} }