From a0c9b6ffc020944f03f57e7de66ad4363d52125d Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Sat, 26 May 2018 00:10:49 +0200
Subject: [PATCH 3/3] fixed wiping secrets with OpenSSL_cleanse()
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problems.
---
src/common/pkcs11_lib.c | 15 ++++++++++++---
src/common/pkcs11_lib.h | 1 +
src/pam_pkcs11/pam_pkcs11.c | 10 +++++-----
3 files changed, 18 insertions(+), 8 deletions(-)
Index: pam_pkcs11-0.6.8/src/common/pkcs11_lib.c
===================================================================
--- pam_pkcs11-0.6.8.orig/src/common/pkcs11_lib.c 2018-08-17 12:39:41.682103335 +0200
+++ pam_pkcs11-0.6.8/src/common/pkcs11_lib.c 2018-08-17 12:40:30.718467746 +0200
@@ -64,7 +64,7 @@ int pkcs11_pass_login(pkcs11_handle_t *h
/* perform pkcs #11 login */
rv = pkcs11_login(h, pin);
- memset(pin, 0, strlen(pin));
+ cleanse(pin, strlen(pin));
free(pin);
if (rv != 0) {
set_error("pkcs11_login() failed: %s", get_error());
@@ -161,6 +161,15 @@ int get_random_value(unsigned char *data
return 0;
}
+void cleanse(void *ptr, size_t len)
+{
+#ifdef HAVE_OPENSSL
+ OPENSSL_cleanse(ptr, len);
+#else
+ memset(ptr, 0, len);
+#endif
+}
+
#ifdef HAVE_NSS
/*
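Review bot: The `#else` branch of the new cleanse() is the same plain `memset(ptr, 0, len)` that the rest of this commit replaces, so a build without HAVE_OPENSSL keeps the original weakness: every caller wipes a buffer immediately before free(), and the compiler is permitted to drop that store as dead. A fallback that survives optimization is to call memset through a volatile function pointer, `static void *(*volatile memset_fn)(void *, int, size_t) = memset;` followed by `memset_fn(ptr, 0, len);`, or to use `explicit_bzero()`/`memset_s()` where the build system finds them. The function also carries no comment; one line above it such as `/* Zero len bytes at ptr so the write is not optimized away; call on secrets before free(). */` would state the guarantee callers are relying on.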
@@ -639,7 +648,7 @@ void release_pkcs11_module(pkcs11_handle
if (h->module) {
SECMOD_DestroyModule(h->module);
}
- memset(h, 0, sizeof(pkcs11_handle_t));
+ cleanse(h, sizeof(pkcs11_handle_t));
free(h);
/* if we initialized NSS, then we need to shut it down */
@@ -1177,7 +1186,7 @@ void release_pkcs11_module(pkcs11_handle
/* release all allocated memory */
if (h->slots != NULL)
free(h->slots);
- memset(h, 0, sizeof(pkcs11_handle_t));
+ cleanse(h, 0, sizeof(pkcs11_handle_t));
free(h);
}
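Review bot: `cleanse(h, 0, sizeof(pkcs11_handle_t));` passes three arguments to cleanse(), which this commit declares as `void cleanse(void *ptr, size_t len)` in pkcs11_lib.h, so this translation unit fails to compile whenever this copy of release_pkcs11_module() is built (it appears to be the non-NSS variant, but the enclosing #if is outside the hunk). The stray 0 is left over from the memset() signature; the line should read `cleanse(h, sizeof(pkcs11_handle_t));`, matching the change made at line 648 in the NSS variant of the same function. release_pkcs11_module() starts outside the hunk.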
Index: pam_pkcs11-0.6.8/src/common/pkcs11_lib.h
===================================================================
--- pam_pkcs11-0.6.8.orig/src/common/pkcs11_lib.h 2018-08-17 12:39:41.682103335 +0200
+++ pam_pkcs11-0.6.8/src/common/pkcs11_lib.h 2018-08-17 12:39:43.394116057 +0200
@@ -67,6 +67,7 @@ PKCS11_EXTERN int sign_value(pkcs11_hand
unsigned char *data, unsigned long length,
unsigned char **signature, unsigned long *signature_length);
PKCS11_EXTERN int get_random_value(unsigned char *data, int length);
+PKCS11_EXTERN void cleanse(void *ptr, size_t len);
#undef PKCS11_EXTERN
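Review bot: The new prototype `PKCS11_EXTERN void cleanse(void *ptr, size_t len);` is added without any comment, although it is the one interface the whole commit depends on; a short contract above it, e.g. `/* Overwrite len bytes at ptr with zeros; uses OPENSSL_cleanse() when built with OpenSSL so the store is not optimized away. Call before free() on buffers holding secrets. */`, would tell callers what they are getting. The declaration also relies on size_t being visible at this point in the header; if neither <stddef.h> nor <stdlib.h> is included above the hunk, one of them should be.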
Index: pam_pkcs11-0.6.8/src/pam_pkcs11/pam_pkcs11.c
===================================================================
--- pam_pkcs11-0.6.8.orig/src/pam_pkcs11/pam_pkcs11.c 2018-08-17 12:39:41.686103365 +0200
+++ pam_pkcs11-0.6.8/src/pam_pkcs11/pam_pkcs11.c 2018-08-17 12:39:43.394116057 +0200
@@ -104,7 +104,7 @@ static int pam_prompt(pam_handle_t *pamh
*response = strdup(resp[0].resp);
}
/* overwrite memory and release it */
- memset(resp[0].resp, 0, strlen(resp[0].resp));
+ cleanse(resp[0].resp, strlen(resp[0].resp));
free(&resp[0]);
return PAM_SUCCESS;
}
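Review bot: After `cleanse(resp[0].resp, strlen(resp[0].resp));` the code calls `free(&resp[0])`, which releases the response array but not the `resp[0].resp` string that was just wiped; if the conversation function allocated that string separately, as the PAM convention has it, the zeroed buffer is leaked here, and the same pattern appears in the pam_get_pwd hunk below. Adding `free(resp[0].resp);` before `free(&resp[0]);` closes it. strlen() on a NULL resp[0].resp is also undefined; the `strdup(resp[0].resp)` above suggests non-NULL is assumed, so a guard is only needed if that assumption is not checked earlier in pam_prompt(), whose start lies outside the hunk.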
@@ -164,7 +164,7 @@ static int pam_get_pwd(pam_handle_t *pam
return PAM_CRED_INSUFFICIENT;
*pwd = strdup(resp[0].resp);
/* overwrite memory and release it */
- memset(resp[0].resp, 0, strlen(resp[0].resp));
+ cleanse(resp[0].resp, strlen(resp[0].resp));
free(&resp[0]);
/* save password if variable nitem is set */
if ((nitem == PAM_AUTHTOK) || (nitem == PAM_OLDAUTHTOK)) {
@@ -490,7 +490,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
/* check password length */
if (!configuration->nullok && strlen(password) == 0) {
release_pkcs11_module(ph);
- memset(password, 0, strlen(password));
+ cleanse(password, strlen(password));
free(password);
pam_syslog(pamh, LOG_ERR,
"password length is zero but the 'nullok' argument was not defined.");
@@ -516,7 +516,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
/* erase and free in-memory password data asap */
if (password)
{
- memset(password, 0, strlen(password));
+ cleanse(password, strlen(password));
free(password);
}
if (rv != 0) {
@@ -804,7 +804,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
return PAM_SUCCESS;
/* quick and dirty fail exit point */
- memset(password, 0, strlen(password));
+ cleanse(password, strlen(password));
free(password); /* erase and free in-memory password data */
auth_failed_nopw: