This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch release/external-1.15.2.x in repository vcxsrv.
commit 48071af7114015fbec292e0483cbd12696ccd430
Author: Simon Tatham <anakin@pobox.com>
Date: Sun Mar 1 12:55:31 2015 +0000
Add some missing smemclrs and sfrees.
The absence of these could have prevented sensitive private key information from being properly cleared out of memory that PuTTY tools had finished with. Thanks to Patrick Coleman for spotting this and sending a patch.
Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca73...
Bug: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-w...
Bug-Debian: http://bugs.debian.org/779488
Patch-Name: private-key-not-wiped-2.patch
---
 tools/plink/sshpubk.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/tools/plink/sshpubk.c b/tools/plink/sshpubk.c
index ac9e0fa..2b5213b 100644
--- a/tools/plink/sshpubk.c
+++ b/tools/plink/sshpubk.c
@@ -844,6 +844,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 goto error;
 }
 sfree(public_blob);
+ smemclr(private_blob, private_blob_len);
 sfree(private_blob);
 sfree(encryption);
 if (errorstr)
@@ -864,8 +865,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 sfree(mac);
 if (public_blob)
 sfree(public_blob);
- if (private_blob)
- sfree(private_blob);
+ if (private_blob) {
+ smemclr(private_blob, private_blob_len);
+ sfree(private_blob);
+ }
 if (errorstr)
 *errorstr = error;
 return ret;
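Review bot: Both wipes in ssh2_load_userkey rely on private_blob_len describing the buffer that private_blob currently points to, and neither the declaration nor the assignments of that length are visible in these two hunks (the function starts and ends outside them). The error-path guard `if (private_blob)` keeps an unset length from being read while the pointer is NULL, but it is worth confirming that pointer and length are always assigned together, or initialising the length to 0 at its declaration. I would also add a short comment above the success-path call in the hunk at -844, e.g. `/* private_blob may hold decrypted key material: wipe before freeing */`, so a later cleanup refactor does not drop the smemclr again.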
@@ -1154,8 +1157,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
 }
 fp = f_open(filename, "w", TRUE);
- if (!fp)
- return 0;
+ if (!fp) {
+ sfree(pub_blob);
+ smemclr(priv_blob, priv_blob_len);
+ sfree(priv_blob);
+ smemclr(priv_blob_encrypted, priv_blob_len);
+ sfree(priv_blob_encrypted);
+ return 0;
+ }
 fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
 fprintf(fp, "Encryption: %s\n", cipherstr);
 fprintf(fp, "Comment: %s\n", key->comment);
@@ -1172,6 +1181,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
 sfree(pub_blob);
 smemclr(priv_blob, priv_blob_len);
 sfree(priv_blob);
+ smemclr(priv_blob_encrypted, priv_blob_len);
 sfree(priv_blob_encrypted);
 return 1;
 }
-- 
Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
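Review bot: `smemclr(priv_blob_encrypted, priv_blob_len);` in the new `if (!fp)` branch wipes the encrypted buffer using the length of the plaintext blob, and the same call is added on the success path in the hunk at -1172. If priv_blob_encrypted is allocated with its own, padded length (the allocation is outside both hunks, so this is inferred), its trailing bytes are freed without being cleared; the wipe should use that buffer's allocation length, e.g. `smemclr(priv_blob_encrypted, <encrypted_buffer_len>);`, where the placeholder stands for whatever variable sized the allocation. The five-line cleanup is now duplicated on both exit paths of ssh2_save_userkey, whose body starts outside these hunks. Routing both exits through one cleanup label with a result variable would keep a future sensitive buffer from being wiped on one path and missed on the other.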