author | David Sommerseth <dazo@users.sourceforge.net> | 2010-09-27 10:53:59 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-09-27 10:53:59 +0200 |
commit | fcbd1913f9bf4e243d037ce72d5301b13db0f226 (patch) | |
tree | 26d5f4afa70bd4fa7aac327febc7ecaeebd1ccc4 /common | |
parent | 3685461592b9adc3f0cc569a391e9e27dd28f21f (diff) | |
Harden memory management in passwd.c
Do a mlock() call on all buffers used by the password hashing algorithms,
to make sure these data segments will never be written to swap.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'common')
-rw-r--r-- | common/passwd.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/common/passwd.c b/common/passwd.c
index 8a35f55..8b2daa6 100644
--- a/common/passwd.c
+++ b/common/passwd.c
@@ -51,6 +51,7 @@
 #include <stdbool.h>
 #include <sys/param.h>
 #include <sys/types.h>
+#include <sys/mman.h>
 #include <assert.h>
 #include <time.h>
 #include <unistd.h>
@@ -472,6 +473,8 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
 buffer = (char *) malloc_nullsafe(ctx, buflen);
 assert(buffer != NULL);
+ mlock(buffer, buflen);
+ mlock(&saltstr, MAX_SALT_LEN+22);
 // Get default max rounds for hashing
 if( maxrounds == 0 ) {
@@ -491,6 +494,7 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
 tmp = malloc_nullsafe(ctx, saltlen+2);
 assert(tmp != NULL);
+ mlock(tmp, saltlen+2);
 memset(&saltstr, 0, MAX_SALT_LEN+22);
 // Get default min rounds for hashing
@@ -520,6 +524,7 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
 strncpy(saltstr, saltinfo, strlen(saltinfo));
 strncat(saltstr, tmp, saltlen - strlen(saltinfo));
 memset(tmp, 0, saltlen+2);
+ munlock(tmp, saltlen+2);
 free_nullsafe(ctx, tmp);
 } else {
 // If we have a salt, use it
@@ -527,7 +532,10 @@ char *eurephia_pwd_crypt(eurephiaCTX *ctx, const char *key, const char *salt) {
 }
 // For some reason, if not strdup()ing 'buffer' and returning buffer it causes a memory leak
 result = strdup_nullsafe(sha512_crypt_r(key, saltstr, maxrounds, buffer, buflen));
+ memset(buffer, 0, buflen);
+ munlock(buffer, buflen);
 free_nullsafe(NULL, buffer);
+ munlock(&saltstr, MAX_SALT_LEN+22);
 return result;
 }
@@ -560,8 +568,12 @@ char *eurephia_quick_hash(const char *salt, const char *pwd) {
 } else {
 tmp = strdup_nullsafe(pwd);
 }
+ mlock(tmp, strlen_nullsafe(tmp));
+ // Generate SHA512 hash of password
+ mlock(&sha, sizeof(SHA512Context));
 memset(&sha, 0, sizeof(SHA512Context));
+ mlock(&sha_res, sizeof(sha_res));
 memset(&sha_res, 0, sizeof(sha_res));
 SHA512Init(&sha);
 SHA512Update(&sha, tmp, len);
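Review bot: The return values of `mlock(buffer, buflen)` and `mlock(&saltstr, MAX_SALT_LEN+22)` are discarded, so a failed lock (EPERM for an unprivileged process, ENOMEM once RLIMIT_MEMLOCK is exhausted, or EINVAL on a POSIX implementation that insists on page-aligned addresses, since rounding the address down is a Linux extension) leaves the buffers swappable while the code proceeds as if they were pinned, which is exactly the guarantee the commit sets out to give. The same unchecked calls appear in the saltlen+2 hunk and in both eurephia_quick_hash hunks. At least report the failure so an operator can raise the limit, e.g. `if (mlock(buffer, buflen) != 0) { /* report strerror(errno) through the project's logger */ }`, and decide explicitly whether hashing should continue without the protection. eurephia_pwd_crypt starts and ends outside this hunk.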
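Review bot: `munlock(tmp, saltlen+2)` unlocks every page overlapping the range, not just those bytes, and at this point `buffer` (locked earlier in the function and only consumed by sha512_crypt_r further down) is still live; if the allocator carved tmp and buffer out of the same page, buffer's page becomes swappable again before it has been used and wiped. Whether the two allocations actually share a page depends on the allocator and is not visible here, but page locks are not reference-counted, so the pattern is unsafe by construction. Either postpone every munlock() until all sensitive buffers in the function have been zeroed, or give each sensitive buffer its own page-aligned allocation (posix_memalign with the page size) so unlocking one cannot affect another. eurephia_pwd_crypt continues outside this hunk.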
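Review bot: The new `memset(buffer, 0, buflen)` is, from the optimizer's point of view, a store to memory that is released two lines later, and compilers may drop such dead stores; today the intervening opaque `munlock(buffer, buflen)` call probably keeps it alive, but the wipe should not depend on that accident. The same applies to the `memset(tmp, 0, len)` before `free_nullsafe(NULL, tmp)` in the last hunk of eurephia_quick_hash. A small file-scope helper that writes through a `volatile unsigned char *` pointer makes the wipe non-elidable and can replace every memset-before-free in this file. eurephia_pwd_crypt begins outside this hunk.
```c
/* Zero n bytes at p through a volatile pointer so the optimizer cannot drop the stores. */
static void secure_wipe(void *p, size_t n)
{
	volatile unsigned char *vp = p;
	while (n-- > 0) {
		*vp++ = 0;
	}
}

/* … unchanged: inside eurephia_pwd_crypt, sha512_crypt_r call … */
	secure_wipe(buffer, buflen);
	munlock(buffer, buflen);
	free_nullsafe(NULL, buffer);
```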
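Review bot: `mlock(tmp, strlen_nullsafe(tmp))` is issued only after tmp has been filled with the password (by `strdup_nullsafe(pwd)` here, and presumably by the branch that begins above the hunk), so the cleartext has already spent time in unlocked memory and could in principle have been paged out before the lock; mlock() brings the page back but does not necessarily scrub the copy left in swap. Locking the allocation before the secret is copied into it (allocate, mlock, then copy) closes that window; the caller-owned `pwd` and `salt` cannot be protected from inside this function. The length also omits the terminating NUL, which is harmless only because the matching munlock() in the next hunk uses the same strlen-based length. eurephia_quick_hash starts before this hunk and ends after the next one.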
@@ -580,6 +592,12 @@ char *eurephia_quick_hash(const char *salt, const char *pwd) {
 // Cleanup - remove hash data from memory
 memset(&sha, 0, sizeof(SHA512Context));
 memset(&sha_res, 0, sizeof(sha_res));
+ munlock(&sha, sizeof(SHA512Context));
+ munlock(&sha_res, sizeof(sha_res));
+
+ len = strlen_nullsafe(tmp);
+ memset(tmp, 0, len);
+ munlock(tmp, len);
 free_nullsafe(NULL, tmp);
 return ret; |