[X2Go-Commits] [vcxsrv] 03/17: Add some missing smemclrs and sfrees.

git-admin at x2go.org git-admin at x2go.org
Sun Mar 29 16:07:23 CEST 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch release/1.15.2.x
in repository vcxsrv.

commit 4c69c41137a60a7c5c04e77079837f7e9b311947
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Mar 1 12:55:31 2015 +0000

    Add some missing smemclrs and sfrees.
    
    The absence of these could have prevented sensitive private key
    information from being properly cleared out of memory that PuTTY tools
    had finished with.
    
    Thanks to Patrick Coleman for spotting this and sending a patch.
    
    Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca7363ceceeac515ae2a82b8f8adc6404d
    Bug: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
    Bug-Debian: http://bugs.debian.org/779488
    
    Patch-Name: private-key-not-wiped-2.patch
---
 tools/plink/sshpubk.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/tools/plink/sshpubk.c b/tools/plink/sshpubk.c
index ac9e0fa..2b5213b 100644
--- a/tools/plink/sshpubk.c
+++ b/tools/plink/sshpubk.c
@@ -844,6 +844,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	goto error;
     }
     sfree(public_blob);
+    smemclr(private_blob, private_blob_len);
     sfree(private_blob);
     sfree(encryption);
     if (errorstr)
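Review bot: The wipe on the success path of ssh2_load_userkey is a separate hand-written call placed in front of `sfree(private_blob)`, and the same pair is repeated in the error path in the next hunk, so nothing prevents a future exit path from freeing the blob without clearing it. A short comment on the added line would record the intent, for example `/* holds private key material: wipe before freeing */`. If the file has no combined wipe-and-free helper (none is visible here), a small static one taking the pointer and its length would reduce each call site to a single line. The function body starts and ends outside this hunk.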
@@ -864,8 +865,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
 	sfree(mac);
     if (public_blob)
 	sfree(public_blob);
-    if (private_blob)
-	sfree(private_blob);
+    if (private_blob) {
+        smemclr(private_blob, private_blob_len);
+        sfree(private_blob);
+    }
     if (errorstr)
 	*errorstr = error;
     return ret;
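Review bot: The error path now reads `private_blob_len` whenever `private_blob` is non-NULL, so the length has to be valid at every `goto error` reached after the blob is allocated. The declaration and the assignments are outside this hunk, so this needs confirming; initialising the length to 0 where it is declared would make it hold by construction. The added lines are also indented with spaces while the surrounding context uses tabs (`sfree(mac);`, `sfree(public_blob);`), so they should follow the file's existing indentation.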
@@ -1154,8 +1157,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
     }
 
     fp = f_open(filename, "w", TRUE);
-    if (!fp)
-	return 0;
+    if (!fp) {
+        sfree(pub_blob);
+        smemclr(priv_blob, priv_blob_len);
+        sfree(priv_blob);
+        smemclr(priv_blob_encrypted, priv_blob_len);
+        sfree(priv_blob_encrypted);
+        return 0;
+    }
     fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
     fprintf(fp, "Encryption: %s\n", cipherstr);
     fprintf(fp, "Comment: %s\n", key->comment);
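Review bot: `smemclr(priv_blob_encrypted, priv_blob_len)` clears the encrypted buffer using the length of the unencrypted blob. If `priv_blob_encrypted` is allocated with a length rounded up to the cipher block size (the allocation is outside this hunk), the tail of that buffer is left unwiped, so the call should use the length the buffer was actually allocated with. Nothing visible here establishes that the two lengths are equal. The same call is added before `return 1` in the last hunk and needs the same check.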
@@ -1172,6 +1181,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
     sfree(pub_blob);
     smemclr(priv_blob, priv_blob_len);
     sfree(priv_blob);
+    smemclr(priv_blob_encrypted, priv_blob_len);
     sfree(priv_blob_encrypted);
     return 1;
 }
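Review bot: This cleanup sequence at the end of ssh2_save_userkey is now duplicated line for line in the `if (!fp)` branch added earlier in the patch, so the two exits can drift apart again the next time a buffer is added. A single cleanup label at the end of the function would keep one copy: the `!fp` branch becomes `ret = 0; goto cleanup;` and the tail ends in `return ret;` (the label and variable names are only suggestions). The start of the function is outside the hunk, so any earlier return taken after these buffers are allocated should be checked for the same wipe.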

--
Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git

