Ver Fonte

Merge branch 'cleanse-hash'

* cleanse-hash:
  * Add some more OPENSSL_cleanse() calls
Bryan Drewery há 17 anos atrás
pai
commit
2d838c81a0
6 ficheiros alterados com 25 adições e 6 exclusões
  1. 3 2
      src/binary.c
  2. 5 0
      src/crypt.c
  3. 4 1
      src/dcc.c
  4. 11 3
      src/enclink.c
  5. 1 0
      src/userrec.c
  6. 1 0
      src/users.c

+ 3 - 2
src/binary.c

@@ -392,12 +392,11 @@ static void edpack(settings_t *incfg, const char *in_hash, int what)
 		  egg_memcpy(_field, tmp, len);							\
 		else 										\
 		  simple_snprintf(_field, sizeof(_field), "%s", tmp);				\
+		OPENSSL_cleanse(tmp, len);							\
 		free(tmp);									\
 	}											\
 } while (0)
 
-//FIXME: Maybe this should be done for EACH dofield(), ie, each entry changes the encryption for next line?
-//makes it harder to fuck with, then again, maybe current is fine?
 #define dohash(_field)		do {								\
 	if (what == PACK_ENC)									\
 	  strlcat(nhash, _field, sizeof(nhash));						\
@@ -407,6 +406,7 @@ static void edpack(settings_t *incfg, const char *in_hash, int what)
 } while (0)
 
 #define update_hash()		do {				\
+	MD5(NULL);						\
 	hash = MD5(nhash);					\
 	OPENSSL_cleanse(nhash, sizeof(nhash));			\
 	nhash[0] = 0;						\
@@ -578,6 +578,7 @@ void write_settings(const char *fname, int die, bool doconf)
       if (die == -1) {			/* only bother decrypting if we aren't about to exit */
         edpack(&settings, hash, PACK_DEC);
         INIT_SALTS;
+        OPENSSL_cleanse(hash, strlen(hash));
       }
     }
     if (die == -1) {

+ 5 - 0
src/crypt.c

@@ -47,6 +47,8 @@ encrypt_binary(const char *keydata, unsigned char *in, size_t *inlen)
     blocks = len / CRYPT_BLOCKSIZE;
     for (block = blocks - 1; block >= 0; block--)
       AES_encrypt(&out[block * CRYPT_BLOCKSIZE], &out[block * CRYPT_BLOCKSIZE], &e_key);
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(&e_key, sizeof(e_key));
   }
   out[len] = 0;
   return out;
@@ -75,6 +77,8 @@ decrypt_binary(const char *keydata, unsigned char *in, size_t *len)
 
     for (block = blocks - 1; block >= 0; block--)
       AES_decrypt(&out[block * CRYPT_BLOCKSIZE], &out[block * CRYPT_BLOCKSIZE], &d_key);
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(&d_key, sizeof(d_key));
   }
 
   return out;
@@ -166,6 +170,7 @@ char *decrypt_pass(struct userrec *u)
     tmp = decrypt_string(user_key(u), &pass[1]);
     if ((p = strchr(tmp, '-')))
       ret = strdup(++p); 
+    OPENSSL_cleanse(tmp, strlen(tmp));
     free(tmp);
   }
   if (!ret)

+ 4 - 1
src/dcc.c

@@ -963,7 +963,10 @@ dcc_chat_pass(int idx, char *buf, int atr)
       if (snum >= 0) {
         char *hash = newsplit(&buf);
 
-        if (strcmp(dcc[idx].shahash, hash)) {
+        int hash_n = strcmp(dcc[idx].shahash, hash);
+        OPENSSL_cleanse(dcc[idx].shahash, sizeof(dcc[idx].shahash));
+        OPENSSL_cleanse(hash, strlen(hash));
+        if (hash_n) {
           putlog(LOG_WARN, "*", STR("%s attempted to negotiate an encryption with an invalid hash."), dcc[idx].nick);
           killsock(dcc[idx].sock);
           lostdcc(idx);

+ 11 - 3
src/enclink.c

@@ -72,6 +72,7 @@ static void ghost_link_case(int idx, direction_t direction)
     putlog(LOG_DEBUG, "@", "outkey (%zu): %s", strlen(keyp), keyp);
 #endif
     OPENSSL_cleanse(tmp, sizeof(tmp));
+    SHA1(NULL);
 
     if (direction == FROM) {
       make_rand_str(initkey, 32);       /* set the initial out/in link key to random chars. */
@@ -87,6 +88,7 @@ static void ghost_link_case(int idx, direction_t direction)
       free(tmp2);
       strlcpy(socklist[snum].okey, initkey, ENC_KEY_LEN + 1);
       strlcpy(socklist[snum].ikey, initkey, ENC_KEY_LEN + 1);
+      OPENSSL_cleanse(initkey, sizeof(initkey));
     } else {
       socklist[snum].encstatus = 1;
       socklist[snum].gz = 1;
@@ -175,6 +177,7 @@ static char *ghost_write(int snum, char *src, size_t *len)
     free(eline);
     strcat(buf, "\n");
   }
+  OPENSSL_cleanse(srcbuf, bufsiz);
   free(srcbuf);
 
   *len = strlen(buf);
@@ -193,11 +196,14 @@ void ghost_parse(int idx, int snum, char *buf)
     char *tmp = decrypt_string(salt2, newsplit(&buf));
 
     strlcpy(socklist[snum].okey, tmp, ENC_KEY_LEN + 1);
+    OPENSSL_cleanse(tmp, strlen(tmp));
+    free(tmp);
+
     strlcpy(socklist[snum].ikey, socklist[snum].okey, ENC_KEY_LEN + 1);
+
     socklist[snum].iseed = atoi(buf);
     socklist[snum].oseed = atoi(buf);
     putlog(LOG_BOTS, "*", STR("Handshake with %s succeeded, we're linked."), dcc[idx].nick);
-    free(tmp);
     link_done(idx);
   }
 }
@@ -226,9 +232,9 @@ static int binary_read(int snum, char *src, size_t *len)
 static char *binary_write(int snum, char *src, size_t *len)
 {
   char *srcbuf = NULL, *buf = NULL, *line = NULL, *eol = NULL, *eline = NULL;
-  size_t bufpos = 0;
+  size_t bufpos = 0, bufsiz = *len + 9 + 1;
 
-  srcbuf = (char *) my_calloc(1, *len + 9 + 1);
+  srcbuf = (char *) my_calloc(1, bufsiz);
   strcpy(srcbuf, src);
   line = srcbuf;
 
@@ -269,6 +275,7 @@ static char *binary_write(int snum, char *src, size_t *len)
     free(eline);
     strcat(buf, "\n");
   }
+  OPENSSL_cleanse(srcbuf, bufsiz);
   free(srcbuf);
 
   *len = strlen(buf);
@@ -349,6 +356,7 @@ void link_hash(int idx, char *rand)
   /* nothing fancy, just something simple that can stop people from playing */
   simple_snprintf(hash, sizeof(hash), STR("enclink%s"), rand);
   strlcpy(dcc[idx].shahash, SHA1(hash), SHA_HASH_LENGTH + 1);
+  SHA1(NULL);
   OPENSSL_cleanse(hash, sizeof(hash));
   return;
 }

+ 1 - 0
src/userrec.c

@@ -305,6 +305,7 @@ void convert_password(struct userrec *u)
       pass[MAXPASSLEN] = 0;
 
     set_user(&USERENTRY_PASS, u, pass);
+    OPENSSL_cleanse(pass, strlen(pass));
     free(pass);
 
     /* clear old record */

+ 1 - 0
src/users.c

@@ -629,6 +629,7 @@ int readuserfile(const char *file, struct userrec **ret)
     remove_crlf(cbuf);
     temps = (char *) decrypt_string(salt1, cbuf);
     simple_snprintf(s, 1024, "%s", temps);
+    OPENSSL_cleanse(temps, strlen(temps));
     free(temps);
     if (!feof(f)) {
       line++;