Leaking pins: memcpy != memset #13
Note: clearing is already correctly implemented in |
Issue #13. Checked on Ubuntu 16.04 with both nitrokey-app and libnitrokey py.test test suite.
Just checking that my logic isn't off. The nk hsm doesn't use this protocol at all, so these bugs don't matter on the temporary hsm branch. Actually, someone could still use it, but we would never expect a sane user to actually generate reports with sensitive info on an hsm...
The functions listed in |
Well, I believe the protocol is still exposed on an hsm, we just don't advertise it in the descriptor. So if any illegitimate use of the protocol can lead to sensitive leaks, we need to deactivate it. But I don't have a scenario.
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
I suspect that this is supposed to zero the card_password (memset?). It doesn't. This is undefined behavior. If you are lucky the compiler doesn't generate any code for this.
A quick regex search finds 10 of these just in report_protocol.c. I didn't look further.
Also, if this is used with a nonzero second argument the compiler will actually have to generate code for this afaik, so that might be better, or even worse, depending on the situation. Since it is a bit harder to search for, I didn't. Make sure to look for that as well.
The compiler issues a warning every time this pattern is used!
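The clearing pattern discussed in this issue, as an added example that is not code from the project or from anyone in the thread: the call shape the report describes is shown only in a comment, next to a wipe that actually zeroes the buffer. `PIN_BUF_LEN`, `secure_clear`, `is_all_zero` and `handle_pin_and_clear` are hypothetical names; only `card_password` comes from the issue.

```c
#include <stddef.h>
#include <string.h>

#define PIN_BUF_LEN 32 /* hypothetical size, not taken from the project */

/* Pattern the issue describes, left as a comment because running it is
 * undefined behavior. memcpy's second argument is a source pointer, so a
 * literal 0 is a null source, not a fill byte:
 *
 *     memcpy(card_password, 0, sizeof(card_password));
 */

/* Zero a buffer through a volatile pointer so the stores are not removed
 * as dead writes when the buffer is never read again. */
static void secure_clear(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Return 1 if every byte in buf is zero, otherwise 0. */
static int is_all_zero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Constructed stand-in for a handler that holds a PIN and wipes it before
 * returning. Returns 1 only if the buffer held the PIN and is zero after. */
int handle_pin_and_clear(const char *pin)
{
    unsigned char card_password[PIN_BUF_LEN];
    size_t n = strlen(pin);
    if (n >= sizeof(card_password))
        n = sizeof(card_password) - 1;
    memset(card_password, 0, sizeof(card_password)); /* (dst, byte, len) */
    memcpy(card_password, pin, n);                   /* (dst, src, len) */
    int held_pin = n > 0 && memcmp(card_password, pin, n) == 0;
    secure_clear(card_password, sizeof(card_password));
    return held_pin && is_all_zero(card_password, sizeof(card_password));
}
```

A plain `memset` on a buffer that is never read again may be dropped by the optimizer, which is why the wipe goes through a volatile pointer. GCC reports a literal null passed to `memcpy` under `-Wnonnull`, so building with `-Werror=nonnull` keeps the pattern from compiling.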