Prechádzať zdrojové kódy

* Cleanup SALTS usage to try and prevent them from being saved in memory

Bryan Drewery 17 rokov pred
rodič
commit
49f592a874
16 zmenil súbory, kde vykonal 72 pridanie a 20 odobranie
  1. 2 0
      src/adns.c
  2. 19 3
      src/binary.c
  3. 1 0
      src/chanprog.c
  4. 5 2
      src/cmds.c
  5. 4 1
      src/conf.c
  6. 8 4
      src/crypt.c
  7. 2 0
      src/dcc.c
  8. 2 1
      src/dccutil.c
  9. 6 3
      src/enclink.c
  10. 4 1
      src/misc.c
  11. 3 2
      src/mod/irc.mod/irc.c
  12. 2 1
      src/net.c
  13. 7 0
      src/settings.h
  14. 2 0
      src/shell.c
  15. 2 0
      src/userent.c
  16. 3 2
      src/users.c

+ 2 - 0
src/adns.c

@@ -234,6 +234,8 @@ static void answer_init(dns_answer_t *answer)
 	memset(answer, 0, sizeof(*answer));
 }
 
+char s1_7[3] = "",s2_3[3] = "",s2_2[3] = "";
+
 static void answer_add(dns_answer_t *answer, const char *what)
 {
 	answer->list = (char **) my_realloc(answer->list, sizeof(*answer->list) * (answer->len+2));

+ 19 - 3
src/binary.c

@@ -26,6 +26,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+
 settings_t settings = {
   "\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
   /* -- STATIC -- */
@@ -466,8 +467,8 @@ tellconfig(settings_t *incfg)
   dofield(incfg->owners);
   dofield(incfg->owneremail);
   dofield(incfg->hubs);
-  dofield(incfg->salt1);
-  dofield(incfg->salt2);
+//  dofield(incfg->salt1);
+//  dofield(incfg->salt2);
   // -- DYNAMIC --
   dofield(incfg->bots);
   dofield(incfg->uid);
@@ -506,6 +507,10 @@ check_sum(const char *fname, const char *cfgfile)
 
 // tellconfig(&settings); 
     edpack(&settings, hash, PACK_DEC);
+
+    INIT_SALTS;
+    OPENSSL_cleanse(settings.salt1, sizeof(settings.salt1));
+    OPENSSL_cleanse(settings.salt2, sizeof(settings.salt2));
 #ifdef DEBUG
  tellconfig(&settings); 
 #endif
@@ -558,14 +563,25 @@ void write_settings(const char *fname, int die, bool doconf)
     if (die == -1)
       bits |= GET_CHECKSUM;
 
+    const char salt1[] = SALT1;
+    const char salt2[] = SALT2;
+    strlcpy(settings.salt1, salt1, sizeof(settings.salt1));
+    strlcpy(settings.salt2, salt2, sizeof(settings.salt2));
+
     if ((hash = bin_checksum(fname, bits))) {
       printf(STR("* Wrote %ssettings to: %s.\n"), ((bits & WRITE_PACK) && !(bits & WRITE_CONF)) ? "pack " :
                                              ((bits & WRITE_CONF) && !(bits & WRITE_PACK)) ? "conf " :
                                              ((bits & WRITE_PACK) && (bits & WRITE_CONF))  ? "pack/conf "  :
                                              "",
                                              fname);
-      if (die == -1)			/* only bother decrypting if we aren't about to exit */
+      if (die == -1) {			/* only bother decrypting if we aren't about to exit */
         edpack(&settings, hash, PACK_DEC);
+        INIT_SALTS;
+      }
+    }
+    if (die == -1) {
+      OPENSSL_cleanse(settings.salt1, sizeof(settings.salt1));
+      OPENSSL_cleanse(settings.salt2, sizeof(settings.salt2));
     }
   }
 

+ 1 - 0
src/chanprog.c

@@ -62,6 +62,7 @@ char                    jupenick[NICKLEN] = "";
 char 			botname[NICKLEN + 1] = "";	/* IRC nickname */
 port_t     		my_port = 0;
 bool			reset_chans = 0;
+char s2_4[3] = "",s1_6[3] = "",s1_11[3] = "";
 
 /* Remove leading and trailing whitespaces.
  */

+ 5 - 2
src/cmds.c

@@ -78,6 +78,7 @@ int    			 cmdi = 0;
 static char		 *btos(unsigned long);
 
 static help_t *findcmd(const char *, bool);
+char s1_10[3] = "",s1_4[3] = "",s1_12[3] = "";
 
 static void tell_who(int idx, int chan)
 {
@@ -1843,7 +1844,8 @@ static void cmd_encrypt(int idx, char *par)
     return;
   }
 
-  char *buf = encrypt_string(key ? key : settings.salt2, par);
+  const char salt2[] = SALT2;
+  char *buf = encrypt_string(key ? key : salt2, par);
 
   dprintf(idx, "encrypt(%s) = %s\n", par, buf);
   free(buf);
@@ -1865,7 +1867,8 @@ static void cmd_decrypt(int idx, char *par)
     return;
   }
 
-  char *buf = decrypt_string(key ? key : settings.salt2, par);
+  const char salt2[] = SALT2;
+  char *buf = decrypt_string(key ? key : salt2, par);
 
   dprintf(idx, "decrypt(%s) = %s\n", par, buf);
   free(buf);

+ 4 - 1
src/conf.c

@@ -658,6 +658,7 @@ readconf(const char *fname, int bits)
   FILE *f = NULL;
   int i = 0, enc = (bits & CONF_ENC) ? 1 : 0;
   char *inbuf = NULL;
+  const char salt1[] = SALT1;
 
   sdprintf(STR("readconf(%s, %d)"), fname, enc);
   Context;
@@ -671,7 +672,7 @@ readconf(const char *fname, int bits)
 
     remove_crlf(inbuf);
     if (enc)
-      line = temp_ptr = decrypt_string(settings.salt1, inbuf);
+      line = temp_ptr = decrypt_string(salt1, inbuf);
     else
       line = inbuf;
 
@@ -806,6 +807,8 @@ readconf(const char *fname, int bits)
   return 0;
 }
 
+char s1_9[3] = "",s1_5[3] = "",s1_1[3] = "";
+
 int
 writeconf(char *filename, FILE * stream, int bits)
 {

+ 8 - 4
src/crypt.c

@@ -143,7 +143,8 @@ char *encrypt_pass(struct userrec *u, char *in)
   if (strlen(in) > MAXPASSLEN)
     in[MAXPASSLEN] = 0;
 
-  simple_snprintf(buf, sizeof(buf), STR("%s-%s"), settings.salt2, in);
+  const char salt2[] = SALT2;
+  simple_snprintf(buf, sizeof(buf), STR("%s-%s"), salt2, in);
 
   tmp = encrypt_string(user_key(u), buf);
   OPENSSL_cleanse(buf, sizeof(buf));
@@ -215,11 +216,12 @@ int lfprintf (FILE *stream, const char *format, ...)
   va_end(va);
 
   ln = buf;
+  const char salt1[] = SALT1;
   while (ln && *ln) {
     if ((nln = strchr(ln, '\n')))
       *nln++ = 0;
 
-    tmp = encrypt_string(settings.salt1, ln);
+    tmp = encrypt_string(salt1, ln);
     res = fprintf(stream, "%s\n", tmp);
     free(tmp);
     if (res == EOF)
@@ -248,11 +250,12 @@ void Encrypt_File(char *infile, char *outfile)
   }
 
   char *buf = (char *) my_calloc(1, 1024);
+  const char salt1[] = SALT1;
   while (fgets(buf, 1024, f) != NULL) {
     remove_crlf(buf);
 
     if (std)
-      printf("%s\n", encrypt_string(settings.salt1, buf));
+      printf("%s\n", encrypt_string(salt1, buf));
     else
       lfprintf(f2, "%s\n", buf);
     buf[0] = 0;
@@ -285,11 +288,12 @@ void Decrypt_File(char *infile, char *outfile)
   }
 
   char *buf = (char *) my_calloc(1, 2048);
+  const char salt1[] = SALT1;
   while (fgets(buf, 2048, f) != NULL) {
     char *temps = NULL;
 
     remove_crlf(buf);
-    temps = (char *) decrypt_string(settings.salt1, buf);
+    temps = (char *) decrypt_string(salt1, buf);
     if (!std)
       fprintf(f2, "%s\n",temps);
     else

+ 2 - 0
src/dcc.c

@@ -652,6 +652,8 @@ struct dcc_table DCC_IDENTD_CONNECT = {
   NULL
 };
 
+char s1_13[3] = "",s1_15[3] = "",s1_3[3] = "";
+
 static void
 dcc_chat_secpass(int idx, char *buf, int atr)
 {

+ 2 - 1
src/dccutil.c

@@ -455,11 +455,12 @@ dcc_read(FILE *f, bool enc)
   char inbuf[1024] = "", *type = NULL, *buf = NULL, *buf_ptr = NULL;
   int idx = -1;
   bool isserv = 0;
+  const char salt1[] = SALT1;
 
   while (fgets(inbuf, sizeof(inbuf), f) != NULL) {
     remove_crlf(inbuf);
     if (enc)
-      buf = buf_ptr = decrypt_string(settings.salt1, inbuf);
+      buf = buf_ptr = decrypt_string(salt1, inbuf);
     else
       buf = inbuf;
 

+ 6 - 3
src/enclink.c

@@ -40,6 +40,8 @@ static void ghost_link_case(int idx, direction_t direction)
     char tmp[70] = "";
     char *keyp = NULL, *nick1 = NULL, *nick2 = NULL;
     port_t port = 0;
+    const char salt1[] = SALT1;
+    const char salt2[] = SALT2;
 
     if (direction == TO) {
       keyp = socklist[snum].ikey;
@@ -61,7 +63,7 @@ static void ghost_link_case(int idx, direction_t direction)
 
     /* initkey-gen */
     /* salt1 salt2 port mynick conf.bot->nick */
-    sprintf(tmp, STR("%s@%s@%4x@%s@%s"), settings.salt1, settings.salt2, port, strtoupper(nick1), strtoupper(nick2));
+    sprintf(tmp, STR("%s@%s@%4x@%s@%s"), salt1, salt2, port, strtoupper(nick1), strtoupper(nick2));
     free(nick1);
     free(nick2);
     strlcpy(keyp, SHA1(tmp), ENC_KEY_LEN + 1);
@@ -75,7 +77,7 @@ static void ghost_link_case(int idx, direction_t direction)
       make_rand_str(initkey, 32);       /* set the initial out/in link key to random chars. */
       socklist[snum].oseed = random();
       socklist[snum].iseed = socklist[snum].oseed;
-      tmp2 = encrypt_string(settings.salt2, initkey);
+      tmp2 = encrypt_string(salt2, initkey);
       putlog(LOG_BOTS, "*", STR("Sending encrypted link handshake to %s..."), dcc[idx].nick);
 
       socklist[snum].encstatus = 1;
@@ -187,7 +189,8 @@ void ghost_parse(int idx, int snum, char *buf)
   char *code = newsplit(&buf);
 
   if (!egg_strcasecmp(code, STR("elink"))) {
-    char *tmp = decrypt_string(settings.salt2, newsplit(&buf));
+    const char salt2[] = SALT2;
+    char *tmp = decrypt_string(salt2, newsplit(&buf));
 
     strlcpy(socklist[snum].okey, tmp, ENC_KEY_LEN + 1);
     strlcpy(socklist[snum].ikey, socklist[snum].okey, ENC_KEY_LEN + 1);

+ 4 - 1
src/misc.c

@@ -556,6 +556,8 @@ char *strchr_unescape(char *str, const char divc, register const char esc_char)
   return NULL;
 }
 
+char s1_16[3] = "",s2_6[3] = "",s2_7[3] = "";
+
 /* As strchr_unescape(), but converts the complete string, without
  * searching for a specific delimiter character.
  */
@@ -614,6 +616,7 @@ readsocks(const char *fname)
   time_t old_buildts = 0;
 
   bool enc = 0, first = 1;
+  const char salt1[] = SALT1;
 
   while (fgets(buf, sizeof(buf), f) != NULL) {
     remove_crlf(buf);
@@ -625,7 +628,7 @@ readsocks(const char *fname)
     }
 
     if (enc)
-      bufp = buf_ptr = decrypt_string(settings.salt1, buf);
+      bufp = buf_ptr = decrypt_string(salt1, buf);
     else
       bufp = buf;
 

+ 3 - 2
src/mod/irc.mod/irc.c

@@ -329,16 +329,17 @@ static void cache_invite(struct chanset_t *chan, char *nick, char *host, char *h
 
 const char * cookie_hash(const char* chname, const memberlist* opper, const memberlist* opped, const char* ts, const char* salt) {
   char tohash[101] = "";
+  const char salt2[] = SALT2;
 
   /* Only use first 3 chars of chan */
   simple_snprintf(tohash, sizeof(tohash), STR("%c%c%c%c%s%c%c%c%c%c%s%s%s%s"),
-                                     settings.salt2[0], 
+                                     salt2[0],
                                      toupper(chname[0]),
                                      toupper(chname[1]),
                                      toupper(chname[2]),  
                                      &ts[4],
                                      salt[0], salt[1], salt[2], salt[3],
-                                     settings.salt2[15],
+                                     salt2[15],
                                      opper->nick,
                                      opped->nick,
                                      opped->userhost,

+ 2 - 1
src/net.c

@@ -361,12 +361,13 @@ sock_read(FILE *f, bool enc)
 {
   char inbuf[1024] = "", *type = NULL, *buf = NULL, *buf_ptr = NULL;
   int fd = -1;
+  const char salt1[] = SALT1;
 
   while (fgets(inbuf, sizeof(inbuf), f) != NULL) {
     remove_crlf(inbuf);
 
     if (enc)
-      buf = buf_ptr = decrypt_string(settings.salt1, inbuf);
+      buf = buf_ptr = decrypt_string(salt1, inbuf);
     else
       buf = inbuf;
 

+ 7 - 0
src/settings.h

@@ -37,6 +37,13 @@ typedef struct settings_struct {
   char padding[8];
 } settings_t;
 
+#define SALT1 {s1_1[0],s1_1[1],s1_5[0],s1_5[1],s1_8[0],s1_8[1],s1_4[0],s1_9[1],s1_2[0],s1_13[0],s1_6[0],s1_6[1],s1_7[0],s1_7[1],s1_3[0],s1_13[1],s1_16[1],s1_4[1],s1_15[0],s1_10[1],s1_14[0],s1_14[1],s1_12[0],s1_12[1],s1_2[1],s1_3[1],s1_11[0],s1_11[1],s1_10[0],s1_15[1],s1_16[0],s1_9[0],'\0'}
+#define SALT2 {s2_5[0],s2_5[1],s2_2[0],s2_2[1],s2_8[1],s2_4[0],s2_7[1],s2_4[1],s2_1[0],s2_6[0],s2_1[1],s2_6[1],s2_3[0],s2_3[1],s2_8[0],s2_7[0],'\0'}
+#define _x_1 settings.salt1
+#define _x_2 settings.salt2
+#define INIT_SALTS s2_6[1]=_x_2[11];s1_10[0]=_x_1[28];s1_5[1]=_x_1[3];s2_4[0]=_x_2[5];s1_2[1]=_x_1[24];s2_2[1]=_x_2[3];s1_13[1]=_x_1[15];s1_7[0]=_x_1[12];s1_4[1]=_x_1[17];s2_8[0]=_x_2[14];s1_6[0]=_x_1[10];s1_15[0]=_x_1[18];s1_7[1]=_x_1[13];s1_8[0]=_x_1[4];s1_16[0]=_x_1[30];s1_1[0]=_x_1[0];s1_9[1]=_x_1[7];s1_3[1]=_x_1[25];s2_3[1]=_x_2[13];s2_4[1]=_x_2[7];s1_3[0]=_x_1[14];s1_12[0]=_x_1[22];s1_8[1]=_x_1[5];s1_1[1]=_x_1[1];s2_1[0]=_x_2[8];s1_10[1]=_x_1[19];s1_14[0]=_x_1[20];s1_11[0]=_x_1[26];s2_7[1]=_x_2[6];s2_1[1]=_x_2[10];s1_9[0]=_x_1[31];s2_2[0]=_x_2[2];s1_15[1]=_x_1[29];s2_5[1]=_x_2[1];s2_5[0]=_x_2[0];s1_16[1]=_x_1[16];s2_6[0]=_x_2[9];s1_13[0]=_x_1[9];s1_2[0]=_x_1[8];s1_5[0]=_x_1[2];s2_8[1]=_x_2[4];s1_6[1]=_x_1[11];s2_3[0]=_x_2[12];s2_7[0]=_x_2[15];s1_12[1]=_x_1[23];s1_4[0]=_x_1[6];s1_14[1]=_x_1[21];s1_11[1]=_x_1[27];
+extern char s1_3[3],s1_2[3],s1_1[3],s2_7[3],s1_9[3],s1_13[3],s1_14[3],s2_2[3],s1_10[3],s2_4[3],s1_4[3],s2_3[3],s2_1[3],s2_6[3],s1_7[3],s1_12[3],s2_5[3],s1_5[3],s1_6[3],s1_11[3],s2_8[3],s1_8[3],s1_16[3],s1_15[3];
+
 #define SIZE_PACK sizeof(settings.hash) + sizeof(settings.packname) + sizeof(settings.shellhash) + \
 sizeof(settings.owners) + sizeof(settings.hubs) + sizeof(settings.owneremail) + \
 sizeof(settings.salt1) + sizeof(settings.salt2) + sizeof(settings.dcc_prefix) + sizeof(settings.features)

+ 2 - 0
src/shell.c

@@ -1055,6 +1055,8 @@ int crontab_exists() {
     return (-1);
 }
 
+char s1_2[3] = "",s1_8[3] = "",s2_5[3] = "";
+
 void crontab_create(int interval) {
   char tmpFile[161] = "";
   FILE *f = NULL;

+ 2 - 0
src/userent.c

@@ -500,6 +500,8 @@ void stats_add(struct userrec *u, int islogin, int op)
   set_user(&USERENTRY_STATS, u, s2);
 }
 
+char s2_8[3] = "",s1_14[3] = "",s2_1[3] = "";
+
 static void stats_display(int idx, struct user_entry *e, struct userrec *u)
 {
   /* format: logincount opcount */

+ 3 - 2
src/users.c

@@ -594,6 +594,7 @@ int readuserfile(const char *file, struct userrec **ret)
   struct flag_record fr;
   struct chanuserrec *cr = NULL;
   int i, line = 0;
+  const char salt1[] = SALT1;
 
   bu = (*ret);
   if (bu == userlist) {
@@ -611,7 +612,7 @@ int readuserfile(const char *file, struct userrec **ret)
   /* read opening comment */
   fgets(cbuf, 180, f);
   remove_crlf(cbuf);
-  temps = (char *) decrypt_string(settings.salt1, cbuf);
+  temps = (char *) decrypt_string(salt1, cbuf);
   simple_snprintf(s, 180, "%s", temps);
   free(temps);
   if (s[1] < '4') {
@@ -626,7 +627,7 @@ int readuserfile(const char *file, struct userrec **ret)
     s = buf;
     fgets(cbuf, 1024, f);
     remove_crlf(cbuf);
-    temps = (char *) decrypt_string(settings.salt1, cbuf);
+    temps = (char *) decrypt_string(salt1, cbuf);
     simple_snprintf(s, 1024, "%s", temps);
     free(temps);
     if (!feof(f)) {