On Thu, May 11, 2017 at 11:33:10AM +0100, Ricardo Mestre wrote:
> Hi,
>
> This converts explicit_bzero+free to freezero on smtpd(8).
>
> OK?
Sorry i was away from town
I'll have a look at freezero() tomorrow as I missed most of the
discussion about its semantics and I'll ok then
Thanks
> Index: ca.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v
> retrieving revision 1.26
> diff -u -p -u -r1.26 ca.c
> --- ca.c 9 Jan 2017 09:53:23 - 1.26
> +++ ca.c 11 May 2017 10:16:47 -
> @@ -142,8 +142,7 @@ ca_init(void)
>
> pki->pki_pkey = pkey;
>
> - explicit_bzero(pki->pki_key, pki->pki_key_len);
> - free(pki->pki_key);
> + freezero(pki->pki_key, pki->pki_key_len);
> pki->pki_key = NULL;
> }
> }
> Index: config.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/config.c,v
> retrieving revision 1.37
> diff -u -p -u -r1.37 config.c
> --- config.c 1 Sep 2016 10:54:25 - 1.37
> +++ config.c 11 May 2017 10:16:48 -
> @@ -70,12 +70,8 @@ purge_config(uint8_t what)
> }
> if (what & PURGE_PKI) {
> while (dict_poproot(env->sc_pki_dict, (void **))) {
> - explicit_bzero(p->pki_cert, p->pki_cert_len);
> - free(p->pki_cert);
> - if (p->pki_key) {
> - explicit_bzero(p->pki_key, p->pki_key_len);
> - free(p->pki_key);
> - }
> + freezero(p->pki_cert, p->pki_cert_len);
> + freezero(p->pki_key, p->pki_key_len);
> if (p->pki_pkey)
> EVP_PKEY_free(p->pki_pkey);
> free(p);
> @@ -86,14 +82,10 @@ purge_config(uint8_t what)
> iter_dict = NULL;
> while (dict_iter(env->sc_pki_dict, _dict, ,
> (void **))) {
> - explicit_bzero(p->pki_cert, p->pki_cert_len);
> - free(p->pki_cert);
> + freezero(p->pki_cert, p->pki_cert_len);
> p->pki_cert = NULL;
> - if (p->pki_key) {
> - explicit_bzero(p->pki_key, p->pki_key_len);
> - free(p->pki_key);
> - p->pki_key = NULL;
> - }
> + freezero(p->pki_key, p->pki_key_len);
> + p->pki_key = NULL;
> if (p->pki_pkey)
> EVP_PKEY_free(p->pki_pkey);
> p->pki_pkey = NULL;
> Index: mta_session.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v
> retrieving revision 1.96
> diff -u -p -u -r1.96 mta_session.c
> --- mta_session.c 30 Nov 2016 17:43:32 - 1.96
> +++ mta_session.c 11 May 2017 10:16:50 -
> @@ -341,8 +341,7 @@ mta_session_imsg(struct mproc *p, struct
> fatal("mta: ssl_mta_init");
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
> Index: smtp_session.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
> retrieving revision 1.302
> diff -u -p -u -r1.302 smtp_session.c
> --- smtp_session.c30 Nov 2016 17:43:32 - 1.302
> +++ smtp_session.c11 May 2017 10:16:54 -
> @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc
> io_set_read(s->io);
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg