Replaces #12959.
_cleanup_(macsec_transmit_association_free_or_set_invalidp) TransmitAssociation *a = NULL;
_cleanup_(macsec_receive_association_free_or_set_invalidp) ReceiveAssociation *b = NULL;
- _cleanup_free_ void *p;
+ _cleanup_(erase_and_freep) void *p = NULL;
MACsec *s = userdata;
SecurityAssociation *dest;
size_t l;
r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r,
- "Failed to parse key. Ignoring assignment: %m");
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse key. Ignoring assignment: %m");
return 0;
}
+
if (l != 16) {
/* See DEFAULT_SAK_LEN in drivers/net/macsec.c */
- explicit_bzero_safe(p, l);
- log_syntax(unit, LOG_ERR, filename, line, 0,
- "Invalid key length (%zu). Ignoring assignment", l);
+ log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid key length (%zu). Ignoring assignment", l);
return 0;
}
+ explicit_bzero_safe(dest->key, dest->key_len);
free_and_replace(dest->key, p);
dest->key_len = l;
}
static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
- _cleanup_free_ uint8_t *key = NULL;
+ _cleanup_(erase_and_freep) uint8_t *key = NULL;
size_t key_len;
int r;
return log_netdev_error_errno(netdev, r,
"Failed to read key from '%s', ignoring: %m",
sa->key_file);
- if (key_len != 16) {
- explicit_bzero_safe(key, key_len);
+
+ if (key_len != 16)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
- "Invalid key length (%zu bytes), ignoring: %m",
- key_len);
- }
+ "Invalid key length (%zu bytes), ignoring: %m", key_len);
explicit_bzero_safe(sa->key, sa->key_len);
free_and_replace(sa->key, key);
unsigned line,
const char *lvalue) {
- _cleanup_free_ void *key = NULL;
+ _cleanup_(erase_and_freep) void *key = NULL;
size_t len;
int r;
if (r < 0)
return log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue);
- if (len != WG_KEY_LEN) {
- explicit_bzero_safe(key, len);
+ if (len != WG_KEY_LEN)
return log_syntax(unit, LOG_ERR, filename, line, 0,
"Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.",
lvalue, len);
- }
memcpy(ret, key, WG_KEY_LEN);
return 0;
}
static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_KEY_LEN]) {
- _cleanup_free_ char *key = NULL;
+ _cleanup_(erase_and_freep) char *key = NULL;
size_t key_len;
int r;
if (r < 0)
return r;
- if (key_len != WG_KEY_LEN) {
- r = -EINVAL;
- goto finalize;
- }
+ if (key_len != WG_KEY_LEN)
+ return -EINVAL;
memcpy(dest, key, WG_KEY_LEN);
- r = 0;
-
-finalize:
- explicit_bzero_safe(key, key_len);
- return r;
+ return 0;
}
static int wireguard_peer_verify(WireguardPeer *peer) {
}
int main(int argc, char *argv[]) {
- _cleanup_free_ char *packet = NULL;
+ _cleanup_(erase_and_freep) char *packet = NULL;
_cleanup_close_ int fd = -1;
size_t length = 0;
int r;
r = send_on_socket(fd, argv[2], packet, length);
finish:
- explicit_bzero_safe(packet, length);
-
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
}
static int retrieve_key(key_serial_t serial, char ***ret) {
- _cleanup_free_ char *p = NULL;
- long m = 100, n;
+ size_t nfinal, m = 100;
char **l;
+ _cleanup_(erase_and_freep) char *pfinal = NULL;
assert(ret);
for (;;) {
+ _cleanup_(erase_and_freep) char *p = NULL;
+ long n;
+
p = new(char, m);
if (!p)
return -ENOMEM;
n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0);
if (n < 0)
return -errno;
- if (n < m)
+ if ((size_t) n < m) {
+ nfinal = (size_t) n;
+ pfinal = TAKE_PTR(p);
break;
-
- explicit_bzero_safe(p, m);
+ }
if (m > LONG_MAX / 2) /* overflow check */
return -ENOMEM;
m *= 2;
- if ((long) (size_t) m != m) /* make sure that this still fits if converted to size_t */
- return -ENOMEM;
-
- free(p);
}
- l = strv_parse_nulstr(p, n);
+ l = strv_parse_nulstr(pfinal, nfinal);
if (!l)
return -ENOMEM;
- explicit_bzero_safe(p, n);
-
*ret = l;
return 0;
}
static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **passwords) {
_cleanup_strv_free_erase_ char **l = NULL;
- _cleanup_free_ char *p = NULL;
+ _cleanup_(erase_and_freep) char *p = NULL;
key_serial_t serial;
size_t n;
int r;
return r;
serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
- explicit_bzero_safe(p, n);
if (serial == -1)
return -errno;
}
static int send_passwords(const char *socket_name, char **passwords) {
- _cleanup_free_ char *packet = NULL;
+ _cleanup_(erase_and_freep) char *packet = NULL;
_cleanup_close_ int socket_fd = -1;
union sockaddr_union sa = {};
size_t packet_length = 1;
char **p, *d;
ssize_t n;
- int r, salen;
+ int salen;
assert(socket_name);
d = stpcpy(d, *p) + 1;
socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
- if (socket_fd < 0) {
- r = log_debug_errno(errno, "socket(): %m");
- goto finish;
- }
+ if (socket_fd < 0)
+ return log_debug_errno(errno, "socket(): %m");
n = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, salen);
- if (n < 0) {
- r = log_debug_errno(errno, "sendto(): %m");
- goto finish;
- }
+ if (n < 0)
+ return log_debug_errno(errno, "sendto(): %m");
- r = (int) n;
-
-finish:
- explicit_bzero_safe(packet, packet_length);
- return r;
+ return (int) n;
}
static int parse_password(const char *filename, char **wall) {
projects / thirdparty / systemd.git / commitdiff
