From: Greg Hudson Date: Mon, 31 Oct 2016 16:10:48 +0000 (-0400) Subject: Use zap() more consistently X-Git-Tag: krb5-1.14.5-final~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39800f15888135f4df337f9b6f97595c75b385ad;p=thirdparty%2Fkrb5.git Use zap() more consistently Use zap() or zapfree() in places where we previously used memset() to scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer. (back ported from commit d58cfa06bab766cf1354bc593deea300388072c0) ticket: 8514 version_fixed: 1.14.5
---
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 3698d57193..6d91af3668 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -350,12 +350,8 @@ void kdb5_create(argc, argv)
 }
 /* clean up */
 (void) krb5_db_fini(util_context);
- memset(master_keyblock.contents, 0, master_keyblock.length);
- free(master_keyblock.contents);
- if (pw_str) {
- memset(pw_str, 0, pw_size);
- free(pw_str);
- }
+ zapfree(master_keyblock.contents, master_keyblock.length);
+ zapfree(pw_str, pw_size);
 free(master_salt.data);
 if (kadm5_create(&global_params)) {
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 82dfc0e863..0bbe33ac82 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -168,8 +168,7 @@ finish_realm(kdc_realm_t *rdp)
 krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
 krb5_free_context(rdp->realm_context);
 }
- memset(rdp, 0, sizeof(*rdp));
- free(rdp);
+ zapfree(rdp, sizeof(*rdp));
 }
 /* Set *val_out to an allocated string containing val1 and/or val2, separated
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c
index 6fca98b4ff..3776f80715 100644
--- a/src/lib/crypto/builtin/enc_provider/rc4.c
+++ b/src/lib/crypto/builtin/enc_provider/rc4.c
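Review bot: In the kdb5_create.c hunk the `if (pw_str)` guard is removed, so the cleanup now depends on zapfree() accepting a NULL pointer, and that contract is not visible anywhere in this patch. The same reliance appears in g_initialize.c (the dropped `cf->mech != NULL` test), in the svr_principal.c cleanup loop and in pac.c (`pac->data.data`). I would state it in the commit message, for example `zapfree() is a no-op on NULL, so the explicit NULL checks are dropped.`, so that a later change to the helper does not quietly turn these paths into writes through a NULL pointer. kdb5_create() starts and ends outside the hunk.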
@@ -144,10 +144,8 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
 (const unsigned char *)iov->data.data, iov->data.length);
 }
- if (state == NULL) {
- memset(arcfour_ctx, 0, sizeof(ArcfourContext));
- free(arcfour_ctx);
- }
+ if (state == NULL)
+ zapfree(arcfour_ctx, sizeof(ArcfourContext));
 return 0;
 }
diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c
index 89228ca782..4b9dfae0d5 100644
--- a/src/lib/gssapi/krb5/delete_sec_context.c
+++ b/src/lib/gssapi/krb5/delete_sec_context.c
@@ -87,7 +87,7 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
 krb5_free_context(ctx->k5_context);
 /* Zero out context */
- memset(ctx, 0, sizeof(*ctx));
+ zap(ctx, sizeof(*ctx));
 xfree(ctx);
 /* zero the handle itself */
diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c
index 1b3de68188..49bd76d2bc 100644
--- a/src/lib/gssapi/krb5/export_sec_context.c
+++ b/src/lib/gssapi/krb5/export_sec_context.c
@@ -91,7 +91,7 @@ error_out:
 if (kret != 0 && context != 0)
 save_error_info((OM_uint32)kret, context);
 if (obuffer && bufsize) {
- memset(obuffer, 0, bufsize);
+ zap(obuffer, bufsize);
 xfree(obuffer);
 }
 if (*minor_status == 0)
diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c
index 449e71fed4..a894f0e735 100644
--- a/src/lib/gssapi/krb5/lucid_context.c
+++ b/src/lib/gssapi/krb5/lucid_context.c
@@ -266,9 +266,9 @@ free_lucid_key_data(
 {
 if (key) {
 if (key->data && key->length) {
- memset(key->data, 0, key->length);
+ zap(key->data, key->length);
 xfree(key->data);
- memset(key, 0, sizeof(gss_krb5_lucid_key_t));
+ zap(key, sizeof(gss_krb5_lucid_key_t));
 }
 }
 }
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index b7e8a8daf8..42299eb3a6 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
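Review bot: In delete_sec_context.c the scrub and the release are still two separate calls, `zap(ctx, sizeof(*ctx));` then `xfree(ctx);`, while the rest of the patch folds that pair into zapfree(); export_sec_context.c and lucid_context.c keep the same two-step form. If xfree() is a plain wrapper around free() (its definition is not on this page), `zapfree(ctx, sizeof(*ctx));` would match the other files and keep the wipe and the free from drifting apart in later edits. The existing `/* Zero out context */` comment could then read `/* Scrub and release the context */`. The function body continues outside the hunk.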
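Review bot: In export_sec_context.c the `if (obuffer && bufsize)` test guards the free as well as the wipe, so a non-NULL `obuffer` with `bufsize == 0` is never released on this error path; whether that state can occur depends on code above the hunk. lucid_context.c has the same shape, where `key->data` is freed and the key structure scrubbed only when `key->length` is non-zero. Assuming zapfree() tolerates NULL and a zero length, and that xfree() is plain free(), the block could become an unguarded `zapfree(obuffer, bufsize);`. Likewise free_lucid_key_data() could call `zapfree(key->data, key->length);` and `zap(key, sizeof(*key));` directly under `if (key)`.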
@@ -513,10 +513,8 @@ releaseMechInfo(gss_mech_info *pCf)
 if (cf->mech_type != GSS_C_NO_OID && cf->mech_type != &cf->mech->mech_type)
 generic_gss_release_oid(&minor_status, &cf->mech_type);
- if (cf->mech != NULL && cf->freeMech) {
- memset(cf->mech, 0, sizeof(*cf->mech));
- free(cf->mech);
- }
+ if (cf->freeMech)
+ zapfree(cf->mech, sizeof(*cf->mech));
 if (cf->dl_handle != NULL)
 krb5int_close_plugin(cf->dl_handle);
 if (cf->int_mech_type != GSS_C_NO_OID)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 1d4365c836..87b8c23e07 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -122,13 +122,8 @@ kadm5_ret_t krb5_copy_key_data_contents(context, from, to)
 if ( from->key_data_length[i] ) {
 to->key_data_contents[i] = malloc(from->key_data_length[i]);
 if (to->key_data_contents[i] == NULL) {
- for (i = 0; i < idx; i++) {
- if (to->key_data_contents[i]) {
- memset(to->key_data_contents[i], 0,
- to->key_data_length[i]);
- free(to->key_data_contents[i]);
- }
- }
+ for (i = 0; i < idx; i++)
+ zapfree(to->key_data_contents[i], to->key_data_length[i]);
 return ENOMEM;
 }
 memcpy(to->key_data_contents[i], from->key_data_contents[i],
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index fb8beb3cfd..b4cbefe52b 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -479,8 +479,7 @@ krb5_authdata_context_free(krb5_context kcontext,
 context->modules = NULL;
 }
 krb5int_close_plugin_dirs(&context->plugins);
- memset(context, 0, sizeof(*context));
- free(context);
+ zapfree(context, sizeof(*context));
 }
 krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 2458695b1c..82c112eacd 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
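Review bot: In svr_principal.c the out-of-memory cleanup in krb5_copy_key_data_contents() still walks every slot up to `idx`, not only the slots this call has allocated so far. If slots past the failing index hold pointers that were not allocated here (how `to` is initialised lies above the hunk, so this is an inference), they would be scrubbed and freed together with the real copies, leaving their owner holding freed key data. The loop also reuses the counter `i` that indexes the failing allocation, so a bounded cleanup needs a second variable. I would write `for (j = 0; j < i; j++)` followed by `zapfree(to->key_data_contents[j], to->key_data_length[j]);`, with `j` declared at the top of the function, which is outside this hunk.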
@@ -125,14 +125,9 @@ krb5_pac_free(krb5_context context,
 krb5_pac pac)
 {
 if (pac != NULL) {
- if (pac->data.data != NULL) {
- memset(pac->data.data, 0, pac->data.length);
- free(pac->data.data);
- }
- if (pac->pac != NULL)
- free(pac->pac);
- memset(pac, 0, sizeof(*pac));
- free(pac);
+ zapfree(pac->data.data, pac->data.length);
+ free(pac->pac);
+ zapfree(pac, sizeof(*pac));
 }
 }