From: David CARLIER Date: Thu, 3 Feb 2022 16:14:29 +0000 (+0000) Subject: Support reliable zeroing of sensitive buffers (#758) X-Git-Tag: SQUID_6_0_1~243 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d6a38a5d7812184b8053f01b1fe6cdda6223a4c;p=thirdparty%2Fsquid.git Support reliable zeroing of sensitive buffers (#758) TODO: Use the new API for more sensitive buffers, possibly adding a wrapper class for sensitive content to automate cleanup. --- diff --git a/src/auth/digest/eDirectory/edir_ldapext.cc b/src/auth/digest/eDirectory/edir_ldapext.cc index 439c9c0206..ed0e3cb3a7 100644 --- a/src/auth/digest/eDirectory/edir_ldapext.cc +++ b/src/auth/digest/eDirectory/edir_ldapext.cc @@ -32,6 +32,7 @@ #include "squid.h" #include "auth/digest/eDirectory/digest_common.h" +#include "mem/Sensitive.h" #if _SQUID_WINDOWS_ && !_SQUID_CYGWIN_ @@ -399,7 +400,7 @@ static int nmasldap_get_simple_pwd( } if (pwdBuf != NULL) { - memset(pwdBuf, 0, bufferLen); + Mem::ZeroSensitiveMemory(pwdBuf, bufferLen); free(pwdBuf); } @@ -482,7 +483,7 @@ static int nmasldap_get_password( } if (pwdBuf != NULL) { - memset(pwdBuf, 0, bufferLen); + Mem::ZeroSensitiveMemory(pwdBuf, bufferLen); free(pwdBuf); } diff --git a/src/mem/Makefile.am b/src/mem/Makefile.am index 3c07cad408..19cdeebc02 100644 --- a/src/mem/Makefile.am +++ b/src/mem/Makefile.am @@ -21,5 +21,6 @@ libmem_la_SOURCES = \ PoolMalloc.cc \ PoolMalloc.h \ PoolingAllocator.h \ + Sensitive.h \ forward.h \ old_api.cc diff --git a/src/mem/Sensitive.h b/src/mem/Sensitive.h new file mode 100644 index 0000000000..190b02eded --- /dev/null +++ b/src/mem/Sensitive.h 
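Review bot: In the nmasldap_get_simple_pwd hunk, `Mem::ZeroSensitiveMemory(pwdBuf, bufferLen)` is a complete cleanup only if `bufferLen` is the size that was allocated for `pwdBuf`; the allocation is not in the hunk, so if `bufferLen` is instead the length of the password actually returned, any bytes of the buffer beyond it keep their contents when `free(pwdBuf)` runs. The nmasldap_get_password hunk has the same shape and raises the same question. Both enclosing functions begin outside their hunks, so this may already be settled a few lines up; a one-line comment at the call site stating which length `bufferLen` is would make the cleanup reviewable in isolation.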
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_SRC_MEM_SENSITIVE_H
+#define SQUID_SRC_MEM_SENSITIVE_H
+
+#include
+
+namespace Mem {
+
+/// zeros the given memory area while disallowing the compiler to skip (i.e.
+/// optimize away) this cleanup, unlike a regular call to std::memset() or alike
+inline void
+ZeroSensitiveMemory(void *dst, const size_t len)
+{
+ if (!len)
+ return;
+
+ assert(dst);
+
+ volatile const auto setMemory = &std::memset;
+ (void)setMemory(dst, 0, len);
+}
+
+} // namespace mem
+
+#endif /* SQUID_SRC_MEM_SENSITIVE_H */
+
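Review bot: ZeroSensitiveMemory keeps the memset alive through the volatile-function-pointer idiom (`volatile const auto setMemory = &std::memset;`), which is the usual best-effort technique, but the header comment presents it as an absolute guarantee, so I would document how it works and its limits: `/// Relies on the volatile-function-pointer idiom: the compiler must load setMemory and cannot see what it calls, so the stores survive dead-store elimination; where available, explicit_bzero() or memset_s() give the same effect by contract.` The early return on `!len` means a null dst is accepted when len is zero, which belongs in the doc comment too, e.g. `/// dst may be null only when len is zero`. Two smaller points: the closing comment `} // namespace mem` names the wrong namespace and should read `} // namespace Mem`, and `assert(dst)` is used although this header includes nothing that declares assert, so it presumably depends on the including translation unit (squid.h in edir_ldapext.cc) having provided it; a comment saying so would keep the header honest about that dependency.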