Hi tech@, After we are done with sensitive data (such as passwords) read via readpassphrase(3) we should dispose of it with explicit_bzero(3); nevertheless, some base applications still rely on bzero(3), memset(3), or something else entirely.
Please find a diff below to change it to explicit_bzero(3). At least for init(8) I recall having discussed this with tb@ aeons ago and it's a little bit paranoid since it only occurs during single user, but we should give the example anyway. Thoughts? Am I missing somethings? Most likely yes... Best regards mestre
Index: sbin/init/init.c
===================================================================
RCS file: /cvs/src/sbin/init/init.c,v
retrieving revision 1.63
diff -u -p -u -r1.63 init.c
--- sbin/init/init.c 2 Mar 2017 10:38:09 -0000 1.63
+++ sbin/init/init.c 4 Apr 2017 08:50:53 -0000
@@ -561,12 +561,13 @@ f_single_user(void)
 write(STDERR_FILENO, banner, sizeof banner - 1);
 for (;;) {
 int ok = 0;
- clear = readpassphrase("Password:", pbuf, sizeof(pbuf), RPP_ECHO_OFF);
+ clear = readpassphrase("Password:", pbuf,
+ sizeof(pbuf), RPP_ECHO_OFF);
 if (clear == NULL || *clear == '\0')
 _exit(0);
 if (crypt_checkpass(clear, pp->pw_passwd) == 0)
 ok = 1;
- memset(clear, 0, strlen(clear));
+ explicit_bzero(clear, strlen(clear));
 if (ok)
 break;
 warning("single-user login failed\n");
Index: usr.bin/encrypt/encrypt.c
===================================================================
RCS file: /cvs/src/usr.bin/encrypt/encrypt.c,v
retrieving revision 1.45
diff -u -p -u -r1.45 encrypt.c
--- usr.bin/encrypt/encrypt.c 4 Sep 2016 15:36:13 -0000 1.45
+++ usr.bin/encrypt/encrypt.c 4 Apr 2017 08:51:00 -0000
@@ -134,6 +134,7 @@ main(int argc, char **argv)
 err(1, "readpassphrase");
 print_passwd(string, operation, extra);
 (void)fputc('\n', stdout);
+ explicit_bzero(string, sizeof(string));
 } else {
 size_t len;
 /* Encrypt stdin to stdout. */
Index: usr.bin/lock/lock.c
===================================================================
RCS file: /cvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 lock.c
--- usr.bin/lock/lock.c 28 May 2016 16:11:10 -0000 1.33
+++ usr.bin/lock/lock.c 4 Apr 2017 08:51:00 -0000
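Review bot: `explicit_bzero(clear, strlen(clear))` wipes only up to the first NUL of what was typed, and the bound comes from scanning the secret itself; `pbuf` and its size are already in scope two lines above, so wiping the whole buffer is simpler and does not depend on what readpassphrase left behind: `explicit_bzero(pbuf, sizeof(pbuf));`. On the `clear == NULL` path the buffer is left as is before `_exit(0)`, which is consistent with the other exits in this diff only if readpassphrase cannot have partially filled it. f_single_user continues outside the hunk, so later exit paths that might still see `pbuf` are not visible here.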
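Review bot: `explicit_bzero(string, sizeof(string))` is only a full wipe if `string` is an array in this scope; its declaration is outside the hunk, and if it is a pointer `sizeof` yields the pointer width rather than the buffer length, so please confirm or pass the same length the readpassphrase call above was given. The `err(1, "readpassphrase")` line just above exits without a wipe, whereas the skey.c and lock.c hunks in this diff do wipe before errx; for consistency either wipe there too (`explicit_bzero(string, sizeof(string));` before the err) or note why it is unnecessary. main continues outside the hunk.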
@@ -162,7 +162,7 @@ main(int argc, char *argv[])
 warnx("\apasswords didn't match.");
 exit(1);
 }
- s[0] = '\0';
+ explicit_bzero(s, sizeof(s));
 }
 
 /* set signal handlers */
@@ -205,10 +205,16 @@ main(int argc, char *argv[])
 p = NULL;
 else
 p = s;
- if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
+ if (auth_userokay(pw->pw_name, nstyle, "auth-lock",
+ p)) {
+ explicit_bzero(s, sizeof(s));
 break;
- } else if (strcmp(s, s1) == 0)
+ }
+ } else if (strcmp(s, s1) == 0) {
+ explicit_bzero(s, sizeof(s));
+ explicit_bzero(s1, sizeof(s1));
 break;
+ }
 (void)putc('\a', stderr);
 cnt %= tries;
 if (++cnt > backoff) {
Index: usr.bin/nc/socks.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/socks.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 socks.c
--- usr.bin/nc/socks.c 27 Jun 2016 14:43:04 -0000 1.24
+++ usr.bin/nc/socks.c 4 Apr 2017 08:51:01 -0000
@@ -350,10 +350,13 @@ socks_connect(const char *host, const ch
 proxypass = getproxypass(proxyuser, proxyhost);
 r = snprintf(buf, sizeof(buf), "%s:%s", proxyuser, proxypass);
+ explicit_bzero(proxypass, sizeof(proxypass));
 if (r == -1 || (size_t)r >= sizeof(buf) ||
 b64_ntop(buf, strlen(buf), resp,
- sizeof(resp)) == -1)
+ sizeof(resp)) == -1) {
+ explicit_bzero(r, sizeof(r));
 errx(1, "Proxy username/password too long");
+ }
 r = snprintf(buf, sizeof(buf), "Proxy-Authorization: "
 "Basic %s\r\n", resp);
 if (r == -1 || (size_t)r >= sizeof(buf))
Index: usr.bin/skey/skey.c
===================================================================
RCS file: /cvs/src/usr.bin/skey/skey.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 skey.c
--- usr.bin/skey/skey.c 1 Dec 2015 00:00:19 -0000 1.33
+++ usr.bin/skey/skey.c 4 Apr 2017 08:51:01 -0000
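Review bot: In the second lock.c hunk the new wipes of `s` run only on the two success branches that `break`; when `auth_userokay` fails or `strcmp(s, s1)` does not match, `s` keeps the typed passphrase through the `putc`/backoff code below and until the next read overwrites it. A single wipe per iteration would be simpler than two copies: record the outcome of the check in a local in both branches (e.g. `ok = auth_userokay(...)` and `ok = strcmp(s, s1) == 0`), run `explicit_bzero(s, sizeof(s));` once after the if/else chain, then `if (ok) break;`. `s1` is still needed for later comparisons, so it can only be wiped once the loop is left; the `auth_userokay` branch breaks without touching it, which is fine only if `s1` is unused in that mode, and any loop exits other than `break` are not visible here. The block that the `} else if` closes, and the rest of main, start and end outside the hunk.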
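Review bot: `explicit_bzero(r, sizeof(r))` in the new error branch passes an integer where a pointer is expected — `r` is the snprintf result, compared with -1 and cast to size_t just above — so it will not compile cleanly and, even if coerced, would wipe nothing useful; the buffer holding `user:pass` at that point is `buf`, so this should be `explicit_bzero(buf, sizeof(buf));`. Likewise `proxypass` is assigned from `getproxypass()`, so it is a pointer and `sizeof(proxypass)` is the pointer width rather than the secret's length; with the backing buffer's size not in scope here, `explicit_bzero(proxypass, strlen(proxypass));` is the honest bound, assuming getproxypass returns writable storage. The second snprintf leaves the base64-encoded credentials in `buf` and `resp`, which are as sensitive as the cleartext; socks_connect continues outside the hunk, so where those are wiped after the header is sent is not visible here.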
@@ -122,8 +122,12 @@ main(int argc, char *argv[])
 exit(1);
 
 /* Crunch seed and passphrase into starting key */
- if (keycrunch(key, seed, passwd) != 0)
+ if (keycrunch(key, seed, passwd) != 0) {
+ explicit_bzero(passwd, sizeof(passwd));
 errx(1, "key crunch failed");
+ }
+
+ explicit_bzero(passwd, sizeof(passwd));
 
 if (cnt == 1) {
 while (n-- != 0)
Index: usr.bin/x99token/x99token.c
===================================================================
RCS file: /cvs/src/usr.bin/x99token/x99token.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 x99token.c
--- usr.bin/x99token/x99token.c 15 Oct 2015 19:30:03 -0000 1.12
+++ usr.bin/x99token/x99token.c 4 Apr 2017 08:51:02 -0000
@@ -169,8 +169,8 @@ main(int argc, char **argv)
 predict(ks, buf, cnt);
- memset(&ks, 0, sizeof(ks));
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(&ks, sizeof(ks));
+ explicit_bzero(buf, sizeof(buf));
 exit(0);
 }
Index: usr.sbin/tokeninit/tokeninit.c
===================================================================
RCS file: /cvs/src/usr.sbin/tokeninit/tokeninit.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 tokeninit.c
--- usr.sbin/tokeninit/tokeninit.c 22 Mar 2016 00:06:55 -0000 1.12
+++ usr.sbin/tokeninit/tokeninit.c 4 Apr 2017 08:51:04 -0000
@@ -149,7 +149,7 @@ main(int argc, char **argv)
 tt->name);
 exit(1);
 }
- memset(secret, 0, sizeof(secret));
+ explicit_bzero(secret, sizeof(secret));
 if (parse_secret(hexformat, seed, secret)) {
 fprintf(stderr, "%sinit: Invalid secret entered.\n",
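Review bot: The two `explicit_bzero(passwd, sizeof(passwd))` calls in the skey.c hunk can be one: keycrunch has consumed `passwd` as soon as it returns, so wipe before testing the result, e.g. `rc = keycrunch(key, seed, passwd);` / `explicit_bzero(passwd, sizeof(passwd));` / `if (rc != 0) errx(1, "key crunch failed");` with an `int rc` declared in main. That removes the duplicated wipe and the extra braces the error branch now needs. The `exit(1)` at the top of the hunk belongs to an error path that starts outside the hunk; whether `passwd` has already been read at that point, and so needs the same treatment, is not visible here.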