Ver Fonte

* More use of OPENSSL_cleanse

svn: 3975
Bryan Drewery há 17 anos atrás
pai
commit
da77ef767f
2 ficheiros alterados com 6 adições e 2 exclusões
  1. 2 0
      src/crypt.c
  2. 4 2
      src/enclink.c

+ 2 - 0
src/crypt.c

@@ -90,6 +90,7 @@ char *encrypt_string(const char *keydata, char *in)
   bdata = encrypt_binary(keydata, (unsigned char *) in, &len);
   if (keydata && *keydata) {
     res = b64enc(bdata, len);
+    OPENSSL_cleanse(bdata, len);
     free(bdata);
     return res;
   } else {
@@ -105,6 +106,7 @@ char *decrypt_string(const char *keydata, char *in)
   if (keydata && *keydata) {
     buf = b64dec((const unsigned char *) in, &len);
     res = (char *) decrypt_binary(keydata, (unsigned char *) buf, &len);
+    OPENSSL_cleanse(buf, len);
     free(buf);
     return res;
   } else {

+ 4 - 2
src/enclink.c

@@ -111,6 +111,7 @@ static int ghost_read(int snum, char *src, size_t *len)
   char *line = decrypt_string(socklist[snum].ikey, src);
 
   strcpy(src, line);
+  OPENSSL_cleanse(line, strlen(line) + 1);
   free(line);
   if (socklist[snum].iseed) {
     *(dword *) & socklist[snum].ikey[0] = prand(&socklist[snum].iseed, 0xFFFFFFFF);
@@ -130,8 +131,9 @@ static char *ghost_write(int snum, char *src, size_t *len)
   char *srcbuf = NULL, *buf = NULL, *line = NULL, *eol = NULL, *eline = NULL;
   size_t bufpos = 0;
 
-  srcbuf = (char *) my_calloc(1, *len + 9 + 1);
-  strcpy(srcbuf, src);
+  const size_t bufsiz = *len + 9 + 1;
+  srcbuf = (char *) my_calloc(1, bufsiz);
+  strlcpy(srcbuf, src, bufsiz);
   line = srcbuf;
 
   eol = strchr(line, '\n');