authorLinus Walleij <linus@foobar.localdomain>2010-02-20 22:58:49 +0100
committerSamuel Lidén Borell <samuel@slbdata.se>2010-02-20 23:08:06 +0100
commit9ac14e115a8cf5cc0771de30879efb74a4028d40 (patch)
tree1521d8fd6e08a23ccfbf5b978baa5bba33a12b1b
parent2605e8dd6ffd0b8cc710a3f91d58192cd510473a (diff)
downloadfribid-9ac14e115a8cf5cc0771de30879efb74a4028d40.tar.gz
fribid-9ac14e115a8cf5cc0771de30879efb74a4028d40.tar.bz2
fribid-9ac14e115a8cf5cc0771de30879efb74a4028d40.zip
Introduce guaranteed_memset()
This patch counters a problem with some compilers that aggressively optimize inlined memset() calls, dropping a wipe of memory that is about to be freed. The solution was proposed by Michael Howard, as documented in David Wheeler's secure programming book. Signed-off-by: Linus Walleij <linus.ml.walleij@gmail.com>
-rw-r--r--client/gtk.c3
-rw-r--r--client/main.c2
-rw-r--r--client/misc.c17
-rw-r--r--client/misc.h1
-rw-r--r--client/secmem.c5
5 files changed, 21 insertions, 7 deletions
diff --git a/client/gtk.c b/client/gtk.c
index b3df837..786d2c5 100644
--- a/client/gtk.c
+++ b/client/gtk.c
@@ -39,6 +39,7 @@
#include "bankid.h"
#include "keyfile.h"
#include "platform.h"
+#include "misc.h"
#define _(string) gettext(string)
@@ -130,7 +131,7 @@ static bool addSignatureFile(GtkListStore *signatures, const char *filename,
}
}
free(people);
- memset(fileData, 0, fileLen);
+ guaranteed_memset(fileData, 0, fileLen);
free(fileData);
return (personCount != 0);
diff --git a/client/main.c b/client/main.c
index d517093..82fad03 100644
--- a/client/main.c
+++ b/client/main.c
@@ -135,7 +135,7 @@ void pipeData() {
free(p12Data);
keyfile_freeSubject(person);
- memset(password, 0, password_maxsize);
+ guaranteed_memset(password, 0, password_maxsize);
if (error == BIDERR_OK) break;
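Review bot: guaranteed_memset() is called here without any `#include "misc.h"` being added to main.c, unlike the gtk.c and secmem.c changes in the same commit, and the diffstat confirms main.c only gets this one-line substitution. Unless main.c already includes misc.h above the visible context, the call is an implicit declaration — a warning under C89 and a hard error under C99 and later. The fix is the same line the other two files received: `#include "misc.h"`. pipeData() starts and ends outside the hunk.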
diff --git a/client/misc.c b/client/misc.c
index 509e08b..08ffa27 100644
--- a/client/misc.c
+++ b/client/misc.c
@@ -45,6 +45,20 @@ char *rasprintf(const char *format, ...) {
return str;
}
+/**
+ * This is a modified memset(3) function to cover the
+ * problems documented by David Wheeler in:
+ * http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/\
+ * protect-secrets.html
+ * Based on a Bugtraq issue filed by Andy Polyakov this
+ * workaround was suggested by Michael Howard
+ */
+void *guaranteed_memset(void *v, int c, size_t n) {
+ volatile char *p=v;
+ while (n--) *p++=c;
+ return v;
+}
+
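Review bot: `volatile char *p=v;` stores through a plain char, whereas memset(3) stores `(unsigned char)c`; for values of c above 127 on a signed-char platform the int-to-char assignment is implementation-defined, so match the library contract with `volatile unsigned char *p = v;`. The volatile qualifier is what stops the compiler from treating the stores as dead before the following free()/munmap(), and since that is the entire point of the function it deserves a sentence in the header comment, e.g. `Writes go through a volatile pointer so the compiler cannot elide them as dead stores on memory that is about to be freed.` Newer toolchains offer explicit_bzero()/memset_s() for the same purpose; if the project ever builds against one, those are preferable under a feature check with this function kept as the portable fallback.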
// Removes newlines from base64 encoded data
static void removeNewlines(char *s) {
const char *readp = s;
@@ -125,6 +139,3 @@ bool is_valid_hostname(const char *hostname) {
bool is_https_url(const char *url) {
return !strncmp(url, "https://", 8);
}
-
-
-
diff --git a/client/misc.h b/client/misc.h
index 3943577..be6e399 100644
--- a/client/misc.h
+++ b/client/misc.h
@@ -28,6 +28,7 @@
#include <stdbool.h>
char *rasprintf(const char *format, ...);
+void *guaranteed_memset(void *v, int c, size_t n);
char *base64_encode(const char *data, const int length);
char *base64_decode(const char *encoded);
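Review bot: The new prototype uses size_t, but the only include visible in this hunk is <stdbool.h>; if nothing above line 28 pulls in <stddef.h> (or <stdlib.h>/<string.h>), misc.h is no longer self-contained and any translation unit that includes it before a size_t-providing header fails to compile. Add `#include <stddef.h>` beside <stdbool.h> unless it is already present out of view. A one-line comment on the declaration would also steer callers to it over memset for secrets: `/* memset() that the compiler cannot optimize away; use before freeing secret data. */`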
diff --git a/client/secmem.c b/client/secmem.c
index 11928a6..72d36cd 100644
--- a/client/secmem.c
+++ b/client/secmem.c
@@ -28,6 +28,7 @@
#include <unistd.h> // For sysconf()
#include <sys/mman.h> // For mmap()/mlock() etc
+#include "misc.h"
#include "secmem.h"
/*
@@ -135,7 +136,7 @@ void secmem_free_page(char *page)
for (i = 0; i < SECPAGES; i++) {
if (pool + (pagesize * i) == page) {
pageindex[i] = 0;
- memset(page, 0, pagesize);
+ guaranteed_memset(page, 0, pagesize);
break;
}
}
@@ -153,7 +154,7 @@ void secmem_destroy_pool(void)
return;
for (i = 0; i < SECPAGES; i++)
pageindex[i] = 0;
- memset(pool, 0, poolsize);
+ guaranteed_memset(pool, 0, poolsize);
munmap(pool, poolsize);
poolsize = 0;
pool = NULL;