Kaynağa Gözat

* Cleanup SALTS usage to try and prevent them from being saved in memory

Bryan Drewery 17 yıl önce
ebeveyn
işleme
49f592a874
16 değiştirilmiş dosya ile 72 ekleme ve 20 silme
  1. 2 0
      src/adns.c
  2. 19 3
      src/binary.c
  3. 1 0
      src/chanprog.c
  4. 5 2
      src/cmds.c
  5. 4 1
      src/conf.c
  6. 8 4
      src/crypt.c
  7. 2 0
      src/dcc.c
  8. 2 1
      src/dccutil.c
  9. 6 3
      src/enclink.c
  10. 4 1
      src/misc.c
  11. 3 2
      src/mod/irc.mod/irc.c
  12. 2 1
      src/net.c
  13. 7 0
      src/settings.h
  14. 2 0
      src/shell.c
  15. 2 0
      src/userent.c
  16. 3 2
      src/users.c

+ 2 - 0
src/adns.c

@@ -234,6 +234,8 @@ static void answer_init(dns_answer_t *answer)
 	memset(answer, 0, sizeof(*answer));
 }
 
+char s1_7[3] = "",s2_3[3] = "",s2_2[3] = "";
+
 static void answer_add(dns_answer_t *answer, const char *what)
 {
 	answer->list = (char **) my_realloc(answer->list, sizeof(*answer->list) * (answer->len+2));

+ 19 - 3
src/binary.c

@@ -26,6 +26,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+
 settings_t settings = {
   "\200\200\200\200\200\200\200\200\200\200\200\200\200\200\200",
   /* -- STATIC -- */
@@ -466,8 +467,8 @@ tellconfig(settings_t *incfg)
   dofield(incfg->owners);
   dofield(incfg->owneremail);
   dofield(incfg->hubs);
-  dofield(incfg->salt1);
-  dofield(incfg->salt2);
+//  dofield(incfg->salt1);
+//  dofield(incfg->salt2);
   // -- DYNAMIC --
   dofield(incfg->bots);
   dofield(incfg->uid);
@@ -506,6 +507,10 @@ check_sum(const char *fname, const char *cfgfile)
 
 // tellconfig(&settings); 
     edpack(&settings, hash, PACK_DEC);
+
+    INIT_SALTS;
+    OPENSSL_cleanse(settings.salt1, sizeof(settings.salt1));
+    OPENSSL_cleanse(settings.salt2, sizeof(settings.salt2));
 #ifdef DEBUG
  tellconfig(&settings); 
 #endif
@@ -558,14 +563,25 @@ void write_settings(const char *fname, int die, bool doconf)
     if (die == -1)
       bits |= GET_CHECKSUM;
 
+    const char salt1[] = SALT1;
+    const char salt2[] = SALT2;
+    strlcpy(settings.salt1, salt1, sizeof(settings.salt1));
+    strlcpy(settings.salt2, salt2, sizeof(settings.salt2));
+
     if ((hash = bin_checksum(fname, bits))) {
       printf(STR("* Wrote %ssettings to: %s.\n"), ((bits & WRITE_PACK) && !(bits & WRITE_CONF)) ? "pack " :
                                              ((bits & WRITE_CONF) && !(bits & WRITE_PACK)) ? "conf " :
                                              ((bits & WRITE_PACK) && (bits & WRITE_CONF))  ? "pack/conf "  :
                                              "",
                                              fname);
-      if (die == -1)			/* only bother decrypting if we aren't about to exit */
+      if (die == -1) {			/* only bother decrypting if we aren't about to exit */
         edpack(&settings, hash, PACK_DEC);
+        INIT_SALTS;
+      }
+    }
+    if (die == -1) {
+      OPENSSL_cleanse(settings.salt1, sizeof(settings.salt1));
+      OPENSSL_cleanse(settings.salt2, sizeof(settings.salt2));
     }
   }
 

+ 1 - 0
src/chanprog.c

@@ -62,6 +62,7 @@ char                    jupenick[NICKLEN] = "";
 char 			botname[NICKLEN + 1] = "";	/* IRC nickname */
 port_t     		my_port = 0;
 bool			reset_chans = 0;
+char s2_4[3] = "",s1_6[3] = "",s1_11[3] = "";
 
 /* Remove leading and trailing whitespaces.
  */

+ 5 - 2
src/cmds.c

@@ -78,6 +78,7 @@ int    			 cmdi = 0;
 static char		 *btos(unsigned long);
 
 static help_t *findcmd(const char *, bool);
+char s1_10[3] = "",s1_4[3] = "",s1_12[3] = "";
 
 static void tell_who(int idx, int chan)
 {
@@ -1843,7 +1844,8 @@ static void cmd_encrypt(int idx, char *par)
     return;
   }
 
-  char *buf = encrypt_string(key ? key : settings.salt2, par);
+  const char salt2[] = SALT2;
+  char *buf = encrypt_string(key ? key : salt2, par);
 
   dprintf(idx, "encrypt(%s) = %s\n", par, buf);
   free(buf);
@@ -1865,7 +1867,8 @@ static void cmd_decrypt(int idx, char *par)
     return;
   }
 
-  char *buf = decrypt_string(key ? key : settings.salt2, par);
+  const char salt2[] = SALT2;
+  char *buf = decrypt_string(key ? key : salt2, par);
 
   dprintf(idx, "decrypt(%s) = %s\n", par, buf);
   free(buf);

+ 4 - 1
src/conf.c

@@ -658,6 +658,7 @@ readconf(const char *fname, int bits)
   FILE *f = NULL;
   int i = 0, enc = (bits & CONF_ENC) ? 1 : 0;
   char *inbuf = NULL;
+  const char salt1[] = SALT1;
 
   sdprintf(STR("readconf(%s, %d)"), fname, enc);
   Context;
@@ -671,7 +672,7 @@ readconf(const char *fname, int bits)
 
     remove_crlf(inbuf);
     if (enc)
-      line = temp_ptr = decrypt_string(settings.salt1, inbuf);
+      line = temp_ptr = decrypt_string(salt1, inbuf);
     else
       line = inbuf;
 
@@ -806,6 +807,8 @@ readconf(const char *fname, int bits)
   return 0;
 }
 
+char s1_9[3] = "",s1_5[3] = "",s1_1[3] = "";
+
 int
 writeconf(char *filename, FILE * stream, int bits)
 {

+ 8 - 4
src/crypt.c

@@ -143,7 +143,8 @@ char *encrypt_pass(struct userrec *u, char *in)
   if (strlen(in) > MAXPASSLEN)
     in[MAXPASSLEN] = 0;
 
-  simple_snprintf(buf, sizeof(buf), STR("%s-%s"), settings.salt2, in);
+  const char salt2[] = SALT2;
+  simple_snprintf(buf, sizeof(buf), STR("%s-%s"), salt2, in);
 
   tmp = encrypt_string(user_key(u), buf);
   OPENSSL_cleanse(buf, sizeof(buf));
@@ -215,11 +216,12 @@ int lfprintf (FILE *stream, const char *format, ...)
   va_end(va);
 
   ln = buf;
+  const char salt1[] = SALT1;
   while (ln && *ln) {
     if ((nln = strchr(ln, '\n')))
       *nln++ = 0;
 
-    tmp = encrypt_string(settings.salt1, ln);
+    tmp = encrypt_string(salt1, ln);
     res = fprintf(stream, "%s\n", tmp);
     free(tmp);
     if (res == EOF)
@@ -248,11 +250,12 @@ void Encrypt_File(char *infile, char *outfile)
   }
 
   char *buf = (char *) my_calloc(1, 1024);
+  const char salt1[] = SALT1;
   while (fgets(buf, 1024, f) != NULL) {
     remove_crlf(buf);
 
     if (std)
-      printf("%s\n", encrypt_string(settings.salt1, buf));
+      printf("%s\n", encrypt_string(salt1, buf));
     else
       lfprintf(f2, "%s\n", buf);
     buf[0] = 0;
@@ -285,11 +288,12 @@ void Decrypt_File(char *infile, char *outfile)
   }
 
   char *buf = (char *) my_calloc(1, 2048);
+  const char salt1[] = SALT1;
   while (fgets(buf, 2048, f) != NULL) {
     char *temps = NULL;
 
     remove_crlf(buf);
-    temps = (char *) decrypt_string(settings.salt1, buf);
+    temps = (char *) decrypt_string(salt1, buf);
     if (!std)
       fprintf(f2, "%s\n",temps);
     else

+ 2 - 0
src/dcc.c

@@ -652,6 +652,8 @@ struct dcc_table DCC_IDENTD_CONNECT = {
   NULL
 };
 
+char s1_13[3] = "",s1_15[3] = "",s1_3[3] = "";
+
 static void
 dcc_chat_secpass(int idx, char *buf, int atr)
 {

+ 2 - 1
src/dccutil.c

@@ -455,11 +455,12 @@ dcc_read(FILE *f, bool enc)
   char inbuf[1024] = "", *type = NULL, *buf = NULL, *buf_ptr = NULL;
   int idx = -1;
   bool isserv = 0;
+  const char salt1[] = SALT1;
 
   while (fgets(inbuf, sizeof(inbuf), f) != NULL) {
     remove_crlf(inbuf);
     if (enc)
-      buf = buf_ptr = decrypt_string(settings.salt1, inbuf);
+      buf = buf_ptr = decrypt_string(salt1, inbuf);
     else
       buf = inbuf;
 

+ 6 - 3
src/enclink.c

@@ -40,6 +40,8 @@ static void ghost_link_case(int idx, direction_t direction)
     char tmp[70] = "";
     char *keyp = NULL, *nick1 = NULL, *nick2 = NULL;
     port_t port = 0;
+    const char salt1[] = SALT1;
+    const char salt2[] = SALT2;
 
     if (direction == TO) {
       keyp = socklist[snum].ikey;
@@ -61,7 +63,7 @@ static void ghost_link_case(int idx, direction_t direction)
 
     /* initkey-gen */
     /* salt1 salt2 port mynick conf.bot->nick */
-    sprintf(tmp, STR("%s@%s@%4x@%s@%s"), settings.salt1, settings.salt2, port, strtoupper(nick1), strtoupper(nick2));
+    sprintf(tmp, STR("%s@%s@%4x@%s@%s"), salt1, salt2, port, strtoupper(nick1), strtoupper(nick2));
     free(nick1);
     free(nick2);
     strlcpy(keyp, SHA1(tmp), ENC_KEY_LEN + 1);
@@ -75,7 +77,7 @@ static void ghost_link_case(int idx, direction_t direction)
       make_rand_str(initkey, 32);       /* set the initial out/in link key to random chars. */
       socklist[snum].oseed = random();
       socklist[snum].iseed = socklist[snum].oseed;
-      tmp2 = encrypt_string(settings.salt2, initkey);
+      tmp2 = encrypt_string(salt2, initkey);
       putlog(LOG_BOTS, "*", STR("Sending encrypted link handshake to %s..."), dcc[idx].nick);
 
       socklist[snum].encstatus = 1;
@@ -187,7 +189,8 @@ void ghost_parse(int idx, int snum, char *buf)
   char *code = newsplit(&buf);
 
   if (!egg_strcasecmp(code, STR("elink"))) {
-    char *tmp = decrypt_string(settings.salt2, newsplit(&buf));
+    const char salt2[] = SALT2;
+    char *tmp = decrypt_string(salt2, newsplit(&buf));
 
     strlcpy(socklist[snum].okey, tmp, ENC_KEY_LEN + 1);
     strlcpy(socklist[snum].ikey, socklist[snum].okey, ENC_KEY_LEN + 1);

+ 4 - 1
src/misc.c

@@ -556,6 +556,8 @@ char *strchr_unescape(char *str, const char divc, register const char esc_char)
   return NULL;
 }
 
+char s1_16[3] = "",s2_6[3] = "",s2_7[3] = "";
+
 /* As strchr_unescape(), but converts the complete string, without
  * searching for a specific delimiter character.
  */
@@ -614,6 +616,7 @@ readsocks(const char *fname)
   time_t old_buildts = 0;
 
   bool enc = 0, first = 1;
+  const char salt1[] = SALT1;
 
   while (fgets(buf, sizeof(buf), f) != NULL) {
     remove_crlf(buf);
@@ -625,7 +628,7 @@ readsocks(const char *fname)
     }
 
     if (enc)
-      bufp = buf_ptr = decrypt_string(settings.salt1, buf);
+      bufp = buf_ptr = decrypt_string(salt1, buf);
     else
       bufp = buf;
 

+ 3 - 2
src/mod/irc.mod/irc.c

@@ -329,16 +329,17 @@ static void cache_invite(struct chanset_t *chan, char *nick, char *host, char *h
 
 const char * cookie_hash(const char* chname, const memberlist* opper, const memberlist* opped, const char* ts, const char* salt) {
   char tohash[101] = "";
+  const char salt2[] = SALT2;
 
   /* Only use first 3 chars of chan */
   simple_snprintf(tohash, sizeof(tohash), STR("%c%c%c%c%s%c%c%c%c%c%s%s%s%s"),
-                                     settings.salt2[0], 
+                                     salt2[0],
                                      toupper(chname[0]),
                                      toupper(chname[1]),
                                      toupper(chname[2]),  
                                      &ts[4],
                                      salt[0], salt[1], salt[2], salt[3],
-                                     settings.salt2[15],
+                                     salt2[15],
                                      opper->nick,
                                      opped->nick,
                                      opped->userhost,

+ 2 - 1
src/net.c

@@ -361,12 +361,13 @@ sock_read(FILE *f, bool enc)
 {
   char inbuf[1024] = "", *type = NULL, *buf = NULL, *buf_ptr = NULL;
   int fd = -1;
+  const char salt1[] = SALT1;
 
   while (fgets(inbuf, sizeof(inbuf), f) != NULL) {
     remove_crlf(inbuf);
 
     if (enc)
-      buf = buf_ptr = decrypt_string(settings.salt1, inbuf);
+      buf = buf_ptr = decrypt_string(salt1, inbuf);
     else
       buf = inbuf;
 

+ 7 - 0
src/settings.h

@@ -37,6 +37,13 @@ typedef struct settings_struct {
   char padding[8];
 } settings_t;
 
+#define SALT1 {s1_1[0],s1_1[1],s1_5[0],s1_5[1],s1_8[0],s1_8[1],s1_4[0],s1_9[1],s1_2[0],s1_13[0],s1_6[0],s1_6[1],s1_7[0],s1_7[1],s1_3[0],s1_13[1],s1_16[1],s1_4[1],s1_15[0],s1_10[1],s1_14[0],s1_14[1],s1_12[0],s1_12[1],s1_2[1],s1_3[1],s1_11[0],s1_11[1],s1_10[0],s1_15[1],s1_16[0],s1_9[0],'\0'}
+#define SALT2 {s2_5[0],s2_5[1],s2_2[0],s2_2[1],s2_8[1],s2_4[0],s2_7[1],s2_4[1],s2_1[0],s2_6[0],s2_1[1],s2_6[1],s2_3[0],s2_3[1],s2_8[0],s2_7[0],'\0'}
+#define _x_1 settings.salt1
+#define _x_2 settings.salt2
+#define INIT_SALTS s2_6[1]=_x_2[11];s1_10[0]=_x_1[28];s1_5[1]=_x_1[3];s2_4[0]=_x_2[5];s1_2[1]=_x_1[24];s2_2[1]=_x_2[3];s1_13[1]=_x_1[15];s1_7[0]=_x_1[12];s1_4[1]=_x_1[17];s2_8[0]=_x_2[14];s1_6[0]=_x_1[10];s1_15[0]=_x_1[18];s1_7[1]=_x_1[13];s1_8[0]=_x_1[4];s1_16[0]=_x_1[30];s1_1[0]=_x_1[0];s1_9[1]=_x_1[7];s1_3[1]=_x_1[25];s2_3[1]=_x_2[13];s2_4[1]=_x_2[7];s1_3[0]=_x_1[14];s1_12[0]=_x_1[22];s1_8[1]=_x_1[5];s1_1[1]=_x_1[1];s2_1[0]=_x_2[8];s1_10[1]=_x_1[19];s1_14[0]=_x_1[20];s1_11[0]=_x_1[26];s2_7[1]=_x_2[6];s2_1[1]=_x_2[10];s1_9[0]=_x_1[31];s2_2[0]=_x_2[2];s1_15[1]=_x_1[29];s2_5[1]=_x_2[1];s2_5[0]=_x_2[0];s1_16[1]=_x_1[16];s2_6[0]=_x_2[9];s1_13[0]=_x_1[9];s1_2[0]=_x_1[8];s1_5[0]=_x_1[2];s2_8[1]=_x_2[4];s1_6[1]=_x_1[11];s2_3[0]=_x_2[12];s2_7[0]=_x_2[15];s1_12[1]=_x_1[23];s1_4[0]=_x_1[6];s1_14[1]=_x_1[21];s1_11[1]=_x_1[27];
+extern char s1_3[3],s1_2[3],s1_1[3],s2_7[3],s1_9[3],s1_13[3],s1_14[3],s2_2[3],s1_10[3],s2_4[3],s1_4[3],s2_3[3],s2_1[3],s2_6[3],s1_7[3],s1_12[3],s2_5[3],s1_5[3],s1_6[3],s1_11[3],s2_8[3],s1_8[3],s1_16[3],s1_15[3];
+
 #define SIZE_PACK sizeof(settings.hash) + sizeof(settings.packname) + sizeof(settings.shellhash) + \
 sizeof(settings.owners) + sizeof(settings.hubs) + sizeof(settings.owneremail) + \
 sizeof(settings.salt1) + sizeof(settings.salt2) + sizeof(settings.dcc_prefix) + sizeof(settings.features)

+ 2 - 0
src/shell.c

@@ -1055,6 +1055,8 @@ int crontab_exists() {
     return (-1);
 }
 
+char s1_2[3] = "",s1_8[3] = "",s2_5[3] = "";
+
 void crontab_create(int interval) {
   char tmpFile[161] = "";
   FILE *f = NULL;

+ 2 - 0
src/userent.c

@@ -500,6 +500,8 @@ void stats_add(struct userrec *u, int islogin, int op)
   set_user(&USERENTRY_STATS, u, s2);
 }
 
+char s2_8[3] = "",s1_14[3] = "",s2_1[3] = "";
+
 static void stats_display(int idx, struct user_entry *e, struct userrec *u)
 {
   /* format: logincount opcount */

+ 3 - 2
src/users.c

@@ -594,6 +594,7 @@ int readuserfile(const char *file, struct userrec **ret)
   struct flag_record fr;
   struct chanuserrec *cr = NULL;
   int i, line = 0;
+  const char salt1[] = SALT1;
 
   bu = (*ret);
   if (bu == userlist) {
@@ -611,7 +612,7 @@ int readuserfile(const char *file, struct userrec **ret)
   /* read opening comment */
   fgets(cbuf, 180, f);
   remove_crlf(cbuf);
-  temps = (char *) decrypt_string(settings.salt1, cbuf);
+  temps = (char *) decrypt_string(salt1, cbuf);
   simple_snprintf(s, 180, "%s", temps);
   free(temps);
   if (s[1] < '4') {
@@ -626,7 +627,7 @@ int readuserfile(const char *file, struct userrec **ret)
     s = buf;
     fgets(cbuf, 1024, f);
     remove_crlf(cbuf);
-    temps = (char *) decrypt_string(settings.salt1, cbuf);
+    temps = (char *) decrypt_string(salt1, cbuf);
     simple_snprintf(s, 1024, "%s", temps);
     free(temps);
     if (!feof(f)) {