diff options
| author | Thomas Haller <thaller@redhat.com> | 2018-08-30 11:27:04 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2018-09-04 07:38:30 +0200 |
| commit | 4c996da5bcdb4c82b5398e8310194cbe3d28d157 (patch) | |
| tree | 85765312057f35fdb1e5a9e330501ca86ff4d3ae | |
| parent | 105254a15b3310a70ab43e5298cd3ebfebc47b51 (diff) | |
| download | NetworkManager-4c996da5bcdb4c82b5398e8310194cbe3d28d157.tar.gz | |
libnm/crypto: use nm_explicit_bzero() instead of plain memset()
| -rw-r--r-- | libnm-core/nm-crypto-gnutls.c | 9 | ||||
| -rw-r--r-- | libnm-core/nm-crypto-nss.c | 10 |
2 files changed, 9 insertions, 10 deletions
diff --git a/libnm-core/nm-crypto-gnutls.c b/libnm-core/nm-crypto-gnutls.c index 1cfb628bb2..1cf48aeec9 100644 --- a/libnm-core/nm-crypto-gnutls.c +++ b/libnm-core/nm-crypto-gnutls.c @@ -30,6 +30,7 @@ #include <gnutls/x509.h> #include <gnutls/pkcs12.h> +#include "nm-utils/nm-secret-utils.h" #include "nm-errors.h" #define SALT_LEN 8 @@ -160,8 +161,7 @@ _nm_crypto_decrypt (const char *cipher, out: if (!success) { if (output) { - /* Don't expose key material */ - memset (output, 0, data_len); + nm_explicit_bzero (output, data_len); g_free (output); output = NULL; } @@ -251,15 +251,14 @@ _nm_crypto_encrypt (const char *cipher, out: if (padded_buf) { - memset (padded_buf, 0, padded_buf_len); + nm_explicit_bzero (padded_buf, padded_buf_len); g_free (padded_buf); padded_buf = NULL; } if (!success) { if (output) { - /* Don't expose key material */ - memset (output, 0, output_len); + nm_explicit_bzero (output, output_len); g_free (output); output = NULL; } diff --git a/libnm-core/nm-crypto-nss.c b/libnm-core/nm-crypto-nss.c index 6e1b9e176b..fb55b95896 100644 --- a/libnm-core/nm-crypto-nss.c +++ b/libnm-core/nm-crypto-nss.c @@ -35,6 +35,7 @@ #include <ciferfam.h> #include <p12plcy.h> +#include "nm-utils/nm-secret-utils.h" #include "nm-errors.h" static gboolean initialized = FALSE; @@ -233,8 +234,7 @@ out: if (!success) { if (output) { - /* Don't expose key material */ - memset (output, 0, data_len); + nm_explicit_bzero (output, data_len); g_free (output); output = NULL; } @@ -359,11 +359,11 @@ out: if (slot) PK11_FreeSlot (slot); - memset (padded_buf, 0, padded_buf_len); + nm_explicit_bzero (padded_buf, padded_buf_len); g_free (padded_buf); if (!success) { - memset (output, 0, output_len); + nm_explicit_bzero (output, output_len); g_free (output); output = NULL; } @@ -435,7 +435,7 @@ _nm_crypto_verify_pkcs12 (const guint8 *data, memcpy (pw.data, ucs2_password, ucs2_chars); pw.len = ucs2_chars + 2; /* include terminating NULL */ - memset (ucs2_password, 0, ucs2_chars); + nm_explicit_bzero (ucs2_password, ucs2_chars); g_free (ucs2_password); #ifndef WORDS_BIGENDIAN |