diff options
| author | Greg Hudson <ghudson@mit.edu> | 2016-10-31 12:10:48 -0400 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2016-11-09 13:53:55 -0500 |
| commit | c051de65f9b7432a4e2c400d1a722470c08e6691 (patch) | |
| tree | 06ee436a791ddefa598411b5b84861c98b36236c | |
| parent | 100e4aa16ea03faac8346382ee0ba07c84c3df45 (diff) | |
| download | krb5-c051de65f9b7432a4e2c400d1a722470c08e6691.zip krb5-c051de65f9b7432a4e2c400d1a722470c08e6691.tar.gz krb5-c051de65f9b7432a4e2c400d1a722470c08e6691.tar.bz2 | |
Use zap() more consistently
Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.
(cherry picked from commit d58cfa06bab766cf1354bc593deea300388072c0)
ticket: 8514
version_fixed: 1.15
| -rw-r--r-- | src/kadmin/dbutil/kdb5_create.c | 5 | ||||
| -rw-r--r-- | src/kdc/main.c | 3 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/rc4.c | 6 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/delete_sec_context.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/export_sec_context.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/lucid_context.c | 4 | ||||
| -rw-r--r-- | src/lib/gssapi/mechglue/g_initialize.c | 6 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 9 | ||||
| -rw-r--r-- | src/lib/krb5/krb/authdata.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/krb/pac.c | 11 |
10 files changed, 16 insertions, 35 deletions
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index 8173b09..92bb6f6 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -348,10 +348,7 @@ void kdb5_create(argc, argv) printf(_("Warning: couldn't stash master key.\n")); } /* clean up */ - if (pw_str) { - memset(pw_str, 0, pw_size); - free(pw_str); - } + zapfree(pw_str, pw_size); free(master_salt.data); if (kadm5_create(&global_params)) { diff --git a/src/kdc/main.c b/src/kdc/main.c index 6767ef0..ebc852b 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -170,8 +170,7 @@ finish_realm(kdc_realm_t *rdp) krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc); krb5_free_context(rdp->realm_context); } - memset(rdp, 0, sizeof(*rdp)); - free(rdp); + zapfree(rdp, sizeof(*rdp)); } /* Set *val_out to an allocated string containing val1 and/or val2, separated diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c index 6fca98b..3776f80 100644 --- a/src/lib/crypto/builtin/enc_provider/rc4.c +++ b/src/lib/crypto/builtin/enc_provider/rc4.c @@ -144,10 +144,8 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, (const unsigned char *)iov->data.data, iov->data.length); } - if (state == NULL) { - memset(arcfour_ctx, 0, sizeof(ArcfourContext)); - free(arcfour_ctx); - } + if (state == NULL) + zapfree(arcfour_ctx, sizeof(ArcfourContext)); return 0; } diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index 89228ca..4b9dfae 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c @@ -87,7 +87,7 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token) krb5_free_context(ctx->k5_context); /* Zero out context */ - memset(ctx, 0, sizeof(*ctx)); + zap(ctx, sizeof(*ctx)); xfree(ctx); /* zero the handle itself */ diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c index 1b3de68..49bd76d 100644 --- a/src/lib/gssapi/krb5/export_sec_context.c +++ b/src/lib/gssapi/krb5/export_sec_context.c @@ -91,7 +91,7 @@ error_out: if (kret != 0 && context != 0) save_error_info((OM_uint32)kret, context); if (obuffer && bufsize) { - memset(obuffer, 0, bufsize); + zap(obuffer, bufsize); xfree(obuffer); } if (*minor_status == 0) diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c index 449e71f..a894f0e 100644 --- a/src/lib/gssapi/krb5/lucid_context.c +++ b/src/lib/gssapi/krb5/lucid_context.c @@ -266,9 +266,9 @@ free_lucid_key_data( { if (key) { if (key->data && key->length) { - memset(key->data, 0, key->length); + zap(key->data, key->length); xfree(key->data); - memset(key, 0, sizeof(gss_krb5_lucid_key_t)); + zap(key, sizeof(gss_krb5_lucid_key_t)); } } } diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c index 213ea19..9197666 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c @@ -560,10 +560,8 @@ releaseMechInfo(gss_mech_info *pCf) if (cf->mech_type != GSS_C_NO_OID && cf->mech_type != &cf->mech->mech_type) generic_gss_release_oid(&minor_status, &cf->mech_type); - if (cf->mech != NULL && cf->freeMech) { - memset(cf->mech, 0, sizeof(*cf->mech)); - free(cf->mech); - } + if (cf->freeMech) + zapfree(cf->mech, sizeof(*cf->mech)); if (cf->dl_handle != NULL) krb5int_close_plugin(cf->dl_handle); if (cf->int_mech_type != GSS_C_NO_OID) diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 466204d..0640b47 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -48,13 +48,8 @@ kadm5_ret_t krb5_copy_key_data_contents(context, from, to) if ( from->key_data_length[i] ) { to->key_data_contents[i] = malloc(from->key_data_length[i]); if (to->key_data_contents[i] == NULL) { - for (i = 0; i < idx; i++) { - if (to->key_data_contents[i]) { - memset(to->key_data_contents[i], 0, - to->key_data_length[i]); - free(to->key_data_contents[i]); - } - } + for (i = 0; i < idx; i++) + zapfree(to->key_data_contents[i], to->key_data_length[i]); return ENOMEM; } memcpy(to->key_data_contents[i], from->key_data_contents[i], diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index c56f7bc..abb2ab9 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c @@ -480,8 +480,7 @@ krb5_authdata_context_free(krb5_context kcontext, context->modules = NULL; } krb5int_close_plugin_dirs(&context->plugins); - memset(context, 0, sizeof(*context)); - free(context); + zapfree(context, sizeof(*context)); } krb5_error_code KRB5_CALLCONV diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 3a2ea23..9098927 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -125,14 +125,9 @@ krb5_pac_free(krb5_context context, krb5_pac pac) { if (pac != NULL) { - if (pac->data.data != NULL) { - memset(pac->data.data, 0, pac->data.length); - free(pac->data.data); - } - if (pac->pac != NULL) - free(pac->pac); - memset(pac, 0, sizeof(*pac)); - free(pac); + zapfree(pac->data.data, pac->data.length); + free(pac->pac); + zapfree(pac, sizeof(*pac)); } } |