
Clear memory with explicit_bzero()

Patch by: michaelortmann

Enhances security by using explicit_bzero() for clearing sensitive memory such as a password.
michaelortmann committed Mar 14, 2020
1 parent 916e3a5 commit 6e072f0122b4f1283537c71ec415e14eae6a4076
Showing with 147 additions and 9 deletions.
  1. +1 −1 configure.ac
  2. +9 −6 src/compat/Makefile.in
  3. +1 −0 src/compat/compat.h
  4. +94 −0 src/compat/explicit_bzero.c
  5. +30 −0 src/compat/explicit_bzero.h
  6. +9 −2 src/dcc.c
  7. +2 −0 src/mod/share.mod/share.c
  8. +1 −0 src/userent.c
@@ -111,7 +111,7 @@ AX_TYPE_SOCKLEN_T
AX_CREATE_STDINT_H([eggint.h])

# Checks for functions and their arguments.
AC_CHECK_FUNCS([clock dprintf getrandom getrusage inet_aton isascii random rand lrand48 setpgid snprintf strlcpy vsnprintf])
AC_CHECK_FUNCS([clock dprintf explicit_bzero explicit_memset getrandom getrusage inet_aton isascii memset_s random rand lrand48 setpgid snprintf strlcpy vsnprintf])
AC_FUNC_SELECT_ARGTYPES
EGG_FUNC_B64_NTOP
EGG_FUNC_VPRINTF
@@ -17,8 +17,8 @@ STRIP = @STRIP@
CFLAGS = @CFLAGS@ -I../.. -I$(top_srcdir) -I$(top_srcdir)/src @SSL_INCLUDES@ @DEFS@ $(CFLGS)
CPPFLAGS = @CPPFLAGS@

OBJS = base64.o gethostbyname2.o in6.o inet_aton.o inet_pton.o snprintf.o \
strlcpy.o
OBJS = base64.o explicit_bzero.o gethostbyname2.o in6.o inet_aton.o \
inet_pton.o snprintf.o strlcpy.o

doofus:
@echo ""
@@ -42,6 +42,7 @@ compat: $(OBJS)

#safety hash
base64.o: base64.c ../../config.h
explicit_bzero.o: explicit_bzero.c ../../config.h
gethostbyname2.o: gethostbyname2.c gethostbyname2.h ../../src/main.h \
../../config.h ../../eggint.h ../../lush.h ../../src/lang.h \
../../src/eggdrop.h ../../src/compat/in6.h ../../src/flags.h \
@@ -50,7 +51,7 @@ gethostbyname2.o: gethostbyname2.c gethostbyname2.h ../../src/main.h \
../../src/users.h ../../src/compat/compat.h ../../src/compat/base64.h \
../../src/compat/inet_aton.h ../../src/compat/snprintf.h \
../../src/compat/inet_pton.h ../../src/compat/gethostbyname2.h \
../../src/compat/strlcpy.h
../../src/compat/explicit_bzero.h ../../src/compat/strlcpy.h
in6.o: in6.c in6.h
inet_aton.o: inet_aton.c ../../src/main.h ../../config.h ../../eggint.h \
../../lush.h ../../src/lang.h ../../src/eggdrop.h ../../src/compat/in6.h \
@@ -59,7 +60,8 @@ inet_aton.o: inet_aton.c ../../src/main.h ../../config.h ../../eggint.h \
../../src/users.h ../../src/compat/compat.h ../../src/compat/base64.h \
../../src/compat/inet_aton.h ../../src/main.h \
../../src/compat/snprintf.h ../../src/compat/inet_pton.h \
../../src/compat/gethostbyname2.h ../../src/compat/strlcpy.h inet_aton.h
../../src/compat/gethostbyname2.h ../../src/compat/explicit_bzero.h \
../../src/compat/strlcpy.h inet_aton.h
inet_pton.o: inet_pton.c inet_pton.h ../../src/main.h ../../config.h \
../../eggint.h ../../lush.h ../../src/lang.h ../../src/eggdrop.h \
../../src/compat/in6.h ../../src/flags.h ../../src/proto.h \
@@ -68,13 +70,14 @@ inet_pton.o: inet_pton.c inet_pton.h ../../src/main.h ../../config.h \
../../src/compat/compat.h ../../src/compat/base64.h \
../../src/compat/inet_aton.h ../../src/compat/snprintf.h \
../../src/compat/inet_pton.h ../../src/compat/gethostbyname2.h \
../../src/compat/strlcpy.h
../../src/compat/explicit_bzero.h ../../src/compat/strlcpy.h
snprintf.o: snprintf.c ../../src/main.h ../../config.h ../../eggint.h \
../../lush.h ../../src/lang.h ../../src/eggdrop.h ../../src/compat/in6.h \
../../src/flags.h ../../src/proto.h ../../src/misc_file.h \
../../src/cmdt.h ../../src/tclegg.h ../../src/tclhash.h ../../src/chan.h \
../../src/users.h ../../src/compat/compat.h ../../src/compat/base64.h \
../../src/compat/inet_aton.h ../../src/main.h \
../../src/compat/snprintf.h ../../src/compat/inet_pton.h \
../../src/compat/gethostbyname2.h ../../src/compat/strlcpy.h snprintf.h
../../src/compat/gethostbyname2.h ../../src/compat/explicit_bzero.h \
../../src/compat/strlcpy.h snprintf.h
strlcpy.o: strlcpy.c ../../config.h
@@ -28,6 +28,7 @@
#include "snprintf.h"
#include "inet_pton.h"
#include "gethostbyname2.h"
#include "explicit_bzero.h"
#include "strlcpy.h"

#endif /* !__EGG_COMPAT_COMPAT_H */
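--- /dev/null
+++ b/src/compat/explicit_bzero.c
@@ -0,0 +1,94 @@
+/*
+* explicit_bzero.c -- provides explicit_bzero() if necessary
+*/
+/*
+* Copyright (C) 2010 - 2018 Eggheads Development Team
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+#include <config.h>
+
+#ifndef HAVE_EXPLICIT_BZERO
+/* https://raw.githubusercontent.com/jedisct1/libsodium/d47ded1867af69965b2374b8fb90aee01e6ff291/src/libsodium/sodium/utils.c */
+
+/*
+* ISC License
+*
+* Copyright (c) 2013-2019
+* Frank Denis <j at pureftpd dot org>
+*
+* Permission to use, copy, modify, and/or distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include <stddef.h>
+#include <string.h>
+
+/* LCOV_EXCL_START */
+#ifdef HAVE_WEAK_SYMBOLS
+__attribute__((weak)) void
+_sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt,
+const size_t len);
+__attribute__((weak)) void
+_sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt,
+const size_t len)
+{
+(void) pnt; /* LCOV_EXCL_LINE */
+(void) len; /* LCOV_EXCL_LINE */
+}
+#endif
+/* LCOV_EXCL_STOP */
+
+void
+explicit_bzero(void *const pnt, const size_t len)
+{
+#ifdef _WIN32
+SecureZeroMemory(pnt, len);
+#elif defined(HAVE_MEMSET_S)
+if (len > 0U && memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) {
+sodium_misuse(); /* LCOV_EXCL_LINE */
+}
+#elif defined(HAVE_EXPLICIT_MEMSET)
+explicit_memset(pnt, 0, len);
+#elif HAVE_WEAK_SYMBOLS
+if (len > 0U) {
+memset(pnt, 0, len);
+_sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len);
+}
+# ifdef HAVE_INLINE_ASM
+__asm__ __volatile__ ("" : : "r"(pnt) : "memory");
+# endif
+#else
+volatile unsigned char *volatile pnt_ =
+(volatile unsigned char *volatile) pnt;
+size_t i = (size_t) 0U;
+
+while (i < len) {
+pnt_[i++] = 0U;
+}
+#endif
+}
+
+#endif /* HAVE_EXPLICIT_BZERO */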
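Review bot: The `HAVE_MEMSET_S` branch of explicit_bzero() calls `sodium_misuse()`, a libsodium-internal function that this file neither declares nor defines, and configure.ac in this same commit now defines HAVE_MEMSET_S wherever memset_s links — so a host with memset_s but no explicit_bzero compiles exactly this branch and fails on the undefined name; replace it with `abort();` and add `#include <stdlib.h>`. memset_s is a C11 Annex K function that several libcs only declare when `__STDC_WANT_LIB_EXT1__` is defined before `<string.h>` (libsodium's utils.c does that near its top, which was not carried over), so add `#define __STDC_WANT_LIB_EXT1__ 1` above the includes or the call is an implicit declaration. `HAVE_WEAK_SYMBOLS` and `HAVE_INLINE_ASM` are libsodium configure symbols that nothing in this commit's configure.ac defines, and the `_WIN32` branch uses SecureZeroMemory without `<windows.h>`, so on the builds this tree actually makes the `volatile` loop at the bottom is the code that runs; a comment saying so would spare the next reader, e.g. `/* Portable fallback: the volatile-qualified pointer keeps the stores from being elided as dead. */`.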
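--- /dev/null
+++ b/src/compat/explicit_bzero.h
@@ -0,0 +1,30 @@
+/*
+* explicit_bzero.h
+* prototypes for explicit_bzero.c
+*/
+/*
+* Copyright (C) 2010 - 2018 Eggheads Development Team
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+#ifndef _EGG_COMPAT_EXPLICIT_BZERO_H_
+#define _EGG_COMPAT_EXPLICIT_BZERO_H_
+
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *const, const size_t);
+#endif /* HAVE_EXPLICIT_BZERO */
+
+#endif /* _EGG_COMPAT_EXPLICIT_BZERO_H_ */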
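Review bot: The prototype uses `size_t` but the header includes nothing, so it only compiles when the includer has already pulled in `<stddef.h>`; make it self-contained with `#include <stddef.h>` before the `#ifndef HAVE_EXPLICIT_BZERO` block. The guard also silently depends on config.h having been included first — compat.h does that, but a standalone includer would get the prototype even on a libc that already provides explicit_bzero, so a one-line note `/* requires config.h (HAVE_EXPLICIT_BZERO) to be included first */` would make the contract explicit. The declaration itself should carry a short comment stating what callers may rely on: zero `len` bytes at the pointer in a way the compiler must not optimize away, even when the buffer is never read again.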
@@ -335,6 +335,8 @@ static void dcc_bot_digest(int idx, char *challenge, char *password)
for (i = 0; i < 16; i++)
sprintf(digest_string + (i * 2), "%.2x", digest[i]);
dprintf(idx, "digest %s\n", digest_string);
explicit_bzero(digest_string, sizeof digest_string);
explicit_bzero(digest, sizeof digest);
putlog(LOG_BOTS, "*", "Received challenge from %s... sending response ...",
dcc[idx].nick);
}
@@ -568,7 +570,7 @@ static int dcc_bot_check_digest(int idx, char *remote_digest)
MD5_CTX md5context;
char digest_string[33]; /* 32 for digest in hex + null */
unsigned char digest[16];
int i;
int i, ret;
char *password = get_user(&USERENTRY_PASS, dcc[idx].user);

if (!password)
@@ -589,7 +591,12 @@ static int dcc_bot_check_digest(int idx, char *remote_digest)
for (i = 0; i < 16; i++)
sprintf(digest_string + (i * 2), "%.2x", digest[i]);

if (!strcmp(digest_string, remote_digest))
ret = strcmp(digest_string, remote_digest);
explicit_bzero(digest_string, sizeof digest_string);
explicit_bzero(digest, sizeof digest);
explicit_bzero(password, sizeof password);

if (!ret)
return 1;

putlog(LOG_BOTS, "*", "Response (password hash) from %s incorrect",
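Review bot: `explicit_bzero(password, sizeof password);` in dcc_bot_check_digest clears `sizeof(char *)` bytes, not the password, because `password` is the `char *` returned by `get_user(&USERENTRY_PASS, dcc[idx].user)` just above the hunk — at most 4 or 8 bytes are zeroed, and if the stored string were shorter the write would run past its terminator. It is also unlikely to be a private copy: pass_set in this commit's userent.c hunk keeps the entry as a heap string in `e->u.extra`, so if get_user returns that storage (its body is not shown — please verify) this line destroys the first bytes of the stored password hash in the user record and breaks every later authentication for that user. The value is not a stack secret owned by this function; drop the line and keep only the two zeroings of `digest_string` and `digest`, which are correct. Separately, `ret = strcmp(digest_string, remote_digest);` is an early-exit comparison of the response hash; a constant-time compare would avoid leaking how many leading hex digits matched, though that predates this commit.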
@@ -603,6 +603,7 @@ static void share_pls_bothost(int idx, char *par)
} else {
makepass(pass);
userlist = adduser(userlist, hand, par, pass, USER_BOT);
explicit_bzero(pass, sizeof pass);
}
if (!(dcc[idx].status & STAT_GETTING))
putlog(LOG_CMDS, "*", "%s: +host %s %s", dcc[idx].nick, hand, par);
@@ -650,6 +651,7 @@ static void share_change(int idx, char *par)
if (!u && (uet == &USERENTRY_BOTADDR)) {
makepass(pass);
userlist = adduser(userlist, hand, "none", pass, USER_BOT);
explicit_bzero(pass, sizeof pass);
u = get_user_by_handle(userlist, hand);
} else if (!u) {
noshare = 0;
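Review bot: `explicit_bzero(pass, sizeof pass);` in share_pls_bothost and share_change only clears the buffer if `pass` is a fixed-size array local to each function; both declarations are above their hunks, so confirm neither is a `char *` — for a pointer the call wipes only 4–8 bytes, which is what the `sizeof password` line in this commit's dcc.c hunk does by mistake. Assuming an array filled by makepass(), the placement after adduser() is right, since adduser() has by then taken its own copy; a comment makes the intent clear to later readers: `/* generated bot password is now in the user record; drop our copy */`. Both enclosing functions start outside the hunk.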
@@ -262,6 +262,7 @@ int pass_set(struct userrec *u, struct user_entry *e, void *buf)
encrypt_pass(pass, new);
e->u.extra = user_malloc(strlen(new) + 1);
strcpy(e->u.extra, new);
explicit_bzero(new, sizeof new);
}
if (!noshare && !(u->flags & (USER_BOT | USER_UNSHARED)))
shareout(NULL, "c PASS %s %s\n", u->handle, pass ? pass : "");
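Review bot: `explicit_bzero(new, sizeof new);` in pass_set is correct only if `new` is an array declared in this function (its declaration is above the hunk); confirm it is not a pointer, for which only the pointer's own size would be cleared. Note what is cleared is the encrypted form produced by `encrypt_pass(pass, new)`, which the line before has just copied into `e->u.extra` for the record's lifetime, so this removes a duplicate rather than the plaintext; the plaintext `pass` is caller-owned (it aliases `buf`) and is still used by the shareout() call on the following line, so it cannot be cleared here. A comment stating which copy is being dropped and why — `/* encrypted copy now lives in e->u.extra; clear the scratch buffer */` — would prevent someone later "fixing" this by zeroing `pass` too early. The enclosing function starts and ends outside the hunk.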
