From 69b1a97268697ffe9257075d33134f73faede5dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Tue, 9 Sep 2014 09:07:51 +0000 Subject: [PATCH] Introduce strlset(), a memset() variant for strings where the actual size of the buffer is not necessarily known, and which can replace the "memset(str, 0, strlen(str))" idiom. Use it to clear buffers which may have contained authentication tokens. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@803 185d5e19-27fe-0310-9dcf-9bff6b9f3609 --- configure.ac | 2 +- lib/libpam/Makefile.am | 4 ++- lib/libpam/openpam_strlset.c | 58 ++++++++++++++++++++++++++++++++++++ lib/libpam/openpam_strlset.h | 41 +++++++++++++++++++++++++ lib/libpam/openpam_ttyconv.c | 3 +- lib/libpam/pam_get_authtok.c | 8 ++++- 6 files changed, 112 insertions(+), 4 deletions(-) create mode 100644 lib/libpam/openpam_strlset.c create mode 100644 lib/libpam/openpam_strlset.h diff --git a/configure.ac b/configure.ac index 1d2e379..d015ed8 100644 --- a/configure.ac +++ b/configure.ac @@ -91,7 +91,7 @@ AC_CHECK_FUNCS([asprintf vasprintf]) AC_CHECK_FUNCS([dlfunc fdlopen]) AC_CHECK_FUNCS([fpurge]) AC_CHECK_FUNCS([setlogmask]) -AC_CHECK_FUNCS([strlcat strlcmp strlcpy]) +AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset]) saved_LIBS="${LIBS}" LIBS="" diff --git a/lib/libpam/Makefile.am b/lib/libpam/Makefile.am index 43e2f54..4e7df9b 100644 --- a/lib/libpam/Makefile.am +++ b/lib/libpam/Makefile.am @@ -18,6 +18,7 @@ noinst_HEADERS = \ openpam_strlcat.h \ openpam_strlcmp.h \ openpam_strlcpy.h \ + openpam_strlset.h \ openpam_vasprintf.h libpam_la_SOURCES = \ @@ -44,9 +45,10 @@ libpam_la_SOURCES = \ openpam_set_option.c \ openpam_set_feature.c \ openpam_static.c \ + openpam_straddch.c \ openpam_strlcat.c \ openpam_strlcpy.c \ - openpam_straddch.c \ + openpam_strlset.c \ openpam_subst.c \ openpam_vasprintf.c \ openpam_ttyconv.c \ diff --git a/lib/libpam/openpam_strlset.c b/lib/libpam/openpam_strlset.c new file mode 100644 index 0000000..5711b3e --- /dev/null +++ b/lib/libpam/openpam_strlset.c @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 2011-2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#ifndef HAVE_STRLSET + +#include + +#include "openpam_strlset.h" + +/* + * like memset(3), but stops at the first NUL byte and NUL-terminates the + * result. Returns the number of bytes that were written, not including + * the terminating NUL. + */ +size_t +openpam_strlset(char *str, int ch, size_t size) +{ + size_t len; + + for (len = 0; *str && size > 1; ++len, --size) + *str++ = ch; + *str = '\0'; + return (++len); +} + +#endif diff --git a/lib/libpam/openpam_strlset.h b/lib/libpam/openpam_strlset.h new file mode 100644 index 0000000..2da15ab --- /dev/null +++ b/lib/libpam/openpam_strlset.h @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef OPENPAM_STRLSET_H_INCLUDED +#define OPENPAM_STRLSET_H_INCLUDED + +#ifndef HAVE_STRLSET +size_t openpam_strlset(char *, int, size_t); +#undef strlset +#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__) +#endif + +#endif diff --git a/lib/libpam/openpam_ttyconv.c b/lib/libpam/openpam_ttyconv.c index f10cdd4..f5eb384 100644 --- a/lib/libpam/openpam_ttyconv.c +++ b/lib/libpam/openpam_ttyconv.c @@ -55,6 +55,7 @@ #include #include "openpam_impl.h" +#include "openpam_strlset.h" int openpam_ttyconv_timeout = 0; @@ -366,7 +367,7 @@ openpam_ttyconv(int n, fail: for (i = 0; i < n; ++i) { if (aresp[i].resp != NULL) { - memset(aresp[i].resp, 0, strlen(aresp[i].resp)); + strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE); FREE(aresp[i].resp); } } diff --git a/lib/libpam/pam_get_authtok.c b/lib/libpam/pam_get_authtok.c index 584a52e..940d1dc 100644 --- a/lib/libpam/pam_get_authtok.c +++ b/lib/libpam/pam_get_authtok.c @@ -48,6 +48,7 @@ #include #include "openpam_impl.h" +#include "openpam_strlset.h" static const char authtok_prompt[] = "Password:"; static const char authtok_prompt_remote[] = "Password for %u@%h:"; @@ -140,16 +141,21 @@ pam_get_authtok(pam_handle_t *pamh, if (twice) { r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); if (r != PAM_SUCCESS) { + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); RETURNC(r); } - if (strcmp(resp, resp2) != 0) + if (strcmp(resp, resp2) != 0) { + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); + } + strlset(resp2, 0, PAM_MAX_RESP_SIZE); FREE(resp2); } if (resp == NULL) RETURNC(PAM_TRY_AGAIN); r = pam_set_item(pamh, item, resp); + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); if (r != PAM_SUCCESS) RETURNC(r);