Refactor implementation of secure/explicit memset

versat · Feb 7, 2024 · 32ddf5a · 32ddf5a
1 parent 44d7505
commit 32ddf5a
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 9 deletions.
diff --git a/http.c b/http.c
@@ -661,15 +661,15 @@ int http_parse_basic(hlist_const_t headers, const char *header, struct auth_s *t
 
 	tmp = hlist_get(headers, header);
 	assert(tmp != NULL);
-	buf = zmalloc(strlen(tmp) + 1);
+	size_t header_bufsize = strlen(tmp) + 1;
+	buf = zmalloc(header_bufsize);
 	i = 5;
 	while (i < strlen(tmp) && tmp[++i] == ' ');
 	from_base64(buf, tmp+i);
 	pos = strchr(buf, ':');
 
 	if (pos == NULL) {
-		memset(buf, 0, strlen(buf));
-		__asm__ volatile ("" ::: "memory"); /* clean password memory; try to avoid the compiler optimizing this out */
+		compat_memset_s(buf, header_bufsize, 0, strlen(buf)); /* clean memory containing credentials */
 		free(buf);
 		return -1;
 	} else {
@@ -702,8 +702,7 @@ int http_parse_basic(hlist_const_t headers, const char *header, struct auth_s *t
 			free(tmp);
 		}
 
-		memset(buf, 0, strlen(buf));
-		__asm__ volatile ("" ::: "memory");
+		compat_memset_s(buf, header_bufsize, 0, strlen(buf));
 		free(buf);
 	}
 

diff --git a/main.c b/main.c
@@ -1456,8 +1456,7 @@ int main(int argc, char **argv) {
 			auth_memcpy(g_creds, passntlm2, tmp, 16);
 			free(tmp);
 		}
-		memset(cpassword, 0, strlen(cpassword));
-		__asm__ volatile ("" ::: "memory");
+		compat_memset_s(cpassword, PASSWORD_BUFSIZE, 0, strlen(cpassword));
 	}
 
 	auth_strcpy(g_creds, user, cuser);

diff --git a/utils.c b/utils.c
@@ -855,12 +855,11 @@ char *urlencode(const char * const str) {
 
 char *printmem(const char * const src, const size_t len, const int bitwidth) {
 	char *tmp;
-	uint8_t val;
 	size_t i;
 
 	tmp = zmalloc(2*len+1);
 	for (i = 0; i < len; ++i) {
-		val = (uint8_t)src[i] & (0xFF >> (8-bitwidth));
+		uint8_t val = (uint8_t)src[i] & (0xFF >> (8-bitwidth));
 		tmp[i*2] = hextab[val >> 4];
 		tmp[i*2+1] = hextab[val & 0x0F];
 	}
@@ -1128,3 +1127,11 @@ ssize_t write_wrapper(int fildes, const void *buf, const size_t nbyte)
 
 	return retval;
 }
+
+void compat_memset_s( void *dest, size_t destsz, char ch, size_t count ){
+	count = MIN(count, destsz);
+	volatile unsigned char *p = dest;
+	while (count--){
+		*p++ = ch;
+	}
+}
diff --git a/utils.h b/utils.h
@@ -200,6 +200,8 @@ extern uint64_t getrandom64(void) __attribute__((warn_unused_result));
 
 extern ssize_t write_wrapper(int fildes, const void *buf, const size_t nbyte);
 
+extern void compat_memset_s( void *dest, size_t destsz, char ch, size_t count );
+
 #if config_strdup == 0
 extern char *strdup(const char *src)  __attribute__((warn_unused_result));
 #endif