allow shutdown(2) syscall in sandbox - it may be called by packet_close()
from portable
(Id sync only; change is already in portable)
+ - tedu@cvs.openbsd.org 2014/01/31 16:39:19
+ [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
+ [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
+ [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
+ [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
+ [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
+ replace most bzero with explicit_bzero, except a few that cna be memset
+ ok djm dtucker
20140131
- (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
-/* $OpenBSD: auth2-chall.c,v 1.39 2013/11/08 00:39:14 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.40 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
if (kbdintctxt->device)
kbdint_reset_device(kbdintctxt);
free(kbdintctxt->devices);
- bzero(kbdintctxt, sizeof(*kbdintctxt));
+ explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
free(kbdintctxt);
}
/* get next device */
-/* $OpenBSD: authfd.c,v 1.91 2013/12/29 04:29:25 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if (!authsocket)
return -1;
- bzero(&sunaddr, sizeof(sunaddr));
+ memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
-/* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
__func__, filename == NULL ? "" : filename,
filename == NULL ? "" : " ", strerror(errno));
buffer_clear(blob);
- bzero(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return 0;
}
buffer_append(blob, buf, len);
if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
buffer_clear(blob);
- bzero(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
goto toobig;
}
}
- bzero(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
st.st_size != buffer_len(blob)) {
debug("%s: key file %.200s%schanged size while reading",
-/* $OpenBSD: bufaux.c,v 1.54 2014/01/12 08:13:13 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if (cp == ret + length - 1)
error("buffer_get_cstring_ret: string contains \\0");
else {
- bzero(ret, length);
+ explicit_bzero(ret, length);
free(ret);
return NULL;
}
-/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: bufec.c,v 1.3 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2010 Damien Miller <djm@mindrot.org>
*
ret = 0;
out:
if (buf != NULL) {
- bzero(buf, len);
+ explicit_bzero(buf, len);
free(buf);
}
BN_CTX_free(bnctx);
ret = 0;
out:
BN_CTX_free(bnctx);
- bzero(buf, len);
+ explicit_bzero(buf, len);
free(buf);
return ret;
}
memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr));
port = a6->sin6_port;
- bzero(a4, sizeof(*a4));
+ memset(a4, 0, sizeof(*a4));
a4->sin_family = AF_INET;
*len = sizeof(*a4);
-/* $OpenBSD: channels.c,v 1.328 2013/12/19 01:04:36 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.329 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if (cc->abandon_cb != NULL)
cc->abandon_cb(c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
- bzero(cc, sizeof(*cc));
+ explicit_bzero(cc, sizeof(*cc));
free(cc);
}
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
return;
cc->cb(type, c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
- bzero(cc, sizeof(*cc));
+ explicit_bzero(cc, sizeof(*cc));
free(cc);
}
free(cctx->host);
if (cctx->aitop)
freeaddrinfo(cctx->aitop);
- bzero(cctx, sizeof(*cctx));
- cctx->host = NULL;
- cctx->ai = cctx->aitop = NULL;
+ memset(cctx, 0, sizeof(*cctx));
}
/* Return CONNECTING channel to remote host, port */
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: cipher-chachapoly.c,v 1.3 2013/12/15 21:42:35 djm Exp $ */
+/* $OpenBSD: cipher-chachapoly.c,v 1.4 2014/01/31 16:39:19 tedu Exp $ */
#include "includes.h"
* Run ChaCha20 once to generate the Poly1305 key. The IV is the
* packet sequence number.
*/
- bzero(poly_key, sizeof(poly_key));
+ memset(poly_key, 0, sizeof(poly_key));
put_u64(seqbuf, seqnr);
chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL);
chacha_encrypt_bytes(&ctx->main_ctx,
r = 0;
out:
- bzero(expected_tag, sizeof(expected_tag));
- bzero(seqbuf, sizeof(seqbuf));
- bzero(poly_key, sizeof(poly_key));
+ explicit_bzero(expected_tag, sizeof(expected_tag));
+ explicit_bzero(seqbuf, sizeof(seqbuf));
+ explicit_bzero(poly_key, sizeof(poly_key));
return r;
}
-/* $OpenBSD: clientloop.c,v 1.256 2013/11/20 20:54:10 deraadt Exp $ */
+/* $OpenBSD: clientloop.c,v 1.257 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
gc->cb(type, seq, gc->ctx);
if (--gc->ref_count <= 0) {
TAILQ_REMOVE(&global_confirms, gc, entry);
- bzero(gc, sizeof(*gc));
+ explicit_bzero(gc, sizeof(*gc));
free(gc);
}
int cancel_port, ok;
Forward fwd;
- bzero(&fwd, sizeof(fwd));
+ memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = fwd.connect_host = NULL;
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
-# $Id: configure.ac,v 1.568 2014/01/30 00:26:46 djm Exp $
+# $Id: configure.ac,v 1.569 2014/02/04 00:18:21 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.568 $)
+AC_REVISION($Revision: 1.569 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])
closefrom \
dirfd \
endgrent \
+ explicit_bzero \
fchmod \
fchown \
freeaddrinfo \
-/* $OpenBSD: hostfile.c,v 1.54 2014/01/27 18:58:14 markus Exp $ */
+/* $OpenBSD: hostfile.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
free(hostkeys->entries[i].host);
free(hostkeys->entries[i].file);
key_free(hostkeys->entries[i].key);
- bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
+ explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
}
free(hostkeys->entries);
- bzero(hostkeys, sizeof(*hostkeys));
+ explicit_bzero(hostkeys, sizeof(*hostkeys));
free(hostkeys);
}
-/* $OpenBSD: kexc25519.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.5 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
#endif
buffer_clear(out);
buffer_put_bignum2_from_string(out, shared_key, CURVE25519_SIZE);
- memset(shared_key, 0, CURVE25519_SIZE); /* XXX explicit_bzero() */
+ explicit_bzero(shared_key, CURVE25519_SIZE);
}
void
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */
#include "includes.h"
struct revoked_serial rs, *ers, *crs, *irs;
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
- bzero(&rs, sizeof(rs));
+ memset(&rs, 0, sizeof(rs));
rs.lo = lo;
rs.hi = hi;
ers = RB_NFIND(revoked_serial_tree, rt, &rs);
struct revoked_certs *rc;
/* Check explicitly revoked hashes first */
- bzero(&rb, sizeof(rb));
+ memset(&rb, 0, sizeof(rb));
if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL)
return -1;
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
}
/* Next, explicit keys */
- bzero(&rb, sizeof(rb));
+ memset(&rb, 0, sizeof(rb));
if (plain_key_blob(key, &rb.blob, &rb.len) != 0)
return -1;
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
return 0; /* No entry for this CA */
/* Check revocation by cert key ID */
- bzero(&rki, sizeof(rki));
+ memset(&rki, 0, sizeof(rki));
rki.key_id = key->cert->key_id;
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
if (erki != NULL) {
if (key_cert_is_legacy(key) || key->cert->serial == 0)
return 0;
- bzero(&rs, sizeof(rs));
+ memset(&rs, 0, sizeof(rs));
rs.lo = rs.hi = key->cert->serial;
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
if (ers != NULL) {
-/* $OpenBSD: monitor.c,v 1.129 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.130 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
struct pollfd pfd[2];
for (;;) {
- bzero(&pfd, sizeof(pfd));
+ memset(&pfd, 0, sizeof(pfd));
pfd[0].fd = pmonitor->m_sendfd;
pfd[0].events = POLLIN;
pfd[1].fd = pmonitor->m_log_recvfd;
--- /dev/null
+/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
+/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_EXPLICIT_BZERO
+
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+void
+explicit_bzero(void *p, size_t n)
+{
+ bzero(p, n);
+}
+#endif
-/* $Id: openbsd-compat.h,v 1.60 2013/12/07 00:51:54 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.61 2014/02/04 00:18:23 djm Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
u_int8_t *, size_t, unsigned int);
#endif
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *p, size_t n);
+#endif
+
void *xmmap(size_t size);
char *xcrypt(const char *password, const char *salt);
char *shadow_pw(struct passwd *pw);
-/* $OpenBSD: sandbox-systrace.c,v 1.8 2014/01/30 22:26:14 djm Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.9 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
box->systrace_fd, child_pid, strerror(errno));
/* Allocate and assign policy */
- bzero(&policy, sizeof(policy));
+ memset(&policy, 0, sizeof(policy));
policy.strp_op = SYSTR_POLICY_NEW;
policy.strp_maxents = SYS_MAXSYSCALL;
if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
-/* $OpenBSD: session.c,v 1.269 2014/01/18 09:36:26 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
fatal("%s: insane session id %d (max %d nalloc %d)",
__func__, id, options.max_sessions, sessions_nalloc);
}
- bzero(&sessions[id], sizeof(*sessions));
+ memset(&sessions[id], 0, sizeof(*sessions));
sessions[id].self = id;
sessions[id].used = 0;
sessions[id].chanid = -1;
-/* $OpenBSD: sftp-client.c,v 1.113 2014/01/17 00:21:06 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.114 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
SSH2_FXP_EXTENDED_REPLY, type);
}
- bzero(st, sizeof(*st));
+ memset(st, 0, sizeof(*st));
st->f_bsize = buffer_get_int64(&msg);
st->f_frsize = buffer_get_int64(&msg);
st->f_blocks = buffer_get_int64(&msg);
-/* $OpenBSD: ssh-keygen.c,v 1.238 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
fatal("Invalid certificate time format %s", s);
}
- bzero(&tm, sizeof(tm));
+ memset(&tm, 0, sizeof(tm));
if (strptime(buf, fmt, &tm) == NULL)
fatal("Invalid certificate time %s", s);
if ((tt = mktime(&tm)) < 0)
-/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.398 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1;
snprintf(strport, sizeof strport, "%u", port);
- bzero(&hints, sizeof(hints));
+ memset(&hints, 0, sizeof(hints));
hints.ai_family = options.address_family;
hints.ai_socktype = SOCK_STREAM;
if (cname != NULL)
#endif /* PKCS11 */
n_ids = 0;
- bzero(identity_files, sizeof(identity_files));
- bzero(identity_keys, sizeof(identity_keys));
+ memset(identity_files, 0, sizeof(identity_files));
+ memset(identity_keys, 0, sizeof(identity_keys));
#ifdef ENABLE_PKCS11
if (options.pkcs11_provider != NULL &&
memcpy(options.identity_files, identity_files, sizeof(identity_files));
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
- bzero(pwname, strlen(pwname));
+ explicit_bzero(pwname, strlen(pwname));
free(pwname);
- bzero(pwdir, strlen(pwdir));
+ explicit_bzero(pwdir, strlen(pwdir));
free(pwdir);
}
-/* $OpenBSD: sshconnect2.c,v 1.202 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.203 2014/01/31 16:39:19 tedu Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
/* If IdentitiesOnly set and key not found then don't use it */
if (!found && options.identities_only) {
TAILQ_REMOVE(&files, id, next);
- bzero(id, sizeof(*id));
+ explicit_bzero(id, sizeof(*id));
free(id);
}
}
-/* $OpenBSD: sshd.c,v 1.416 2014/01/29 00:19:26 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.417 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
- bzero(rnd, sizeof(rnd));
+ explicit_bzero(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
demote_sensitive_data();
arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
- bzero(rnd, sizeof(rnd));
+ explicit_bzero(rnd, sizeof(rnd));
/* Drop privileges */
do_setusercontext(authctxt->pw);
arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
- bzero(rnd, sizeof(rnd));
+ explicit_bzero(rnd, sizeof(rnd));
}
/* child process check (or debug mode) */
-/* $OpenBSD: sshlogin.c,v 1.27 2011/01/11 06:06:09 djm Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.28 2014/01/31 16:39:19 tedu Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
projects / thirdparty / openssh-portable.git / commitdiff
