From 471d28bd1035678289c744fb95ad4dd7df1b6868 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Tue, 27 Jul 2004 02:14:42 +0000
Subject: [PATCH] - Rename common-packet.c to packet.c - buf_burn the unencrypted read/write payload buffers after use to avoid sensitive contents sitting in memory for too long
--HG--
extra : convert_revision : 19227d63bda554e819ae7df919bfd18911d5b4a0
---
 common-packet.c => packet.c | 4 ++++
 process-packet.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 rename common-packet.c => packet.c (98%)
diff --git a/common-packet.c b/packet.c
similarity index 98%
rename from common-packet.c
rename to packet.c
index 39387bf..886fe67 100644
--- a/common-packet.c
+++ b/packet.c
@@ -444,6 +444,10 @@ void encrypt_packet() {
 }
 /* finished with payload */
+ buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't
+ _that_ likely to hurt performance too badly.
+ Buffers can have cleartext passwords etc, or
+ other sensitive data */
 buf_setpos(ses.writepayload, 0);
 buf_setlen(ses.writepayload, 0);
diff --git a/process-packet.c b/process-packet.c
index afa45ef..f9f6dee 100644
--- a/process-packet.c
+++ b/process-packet.c
@@ -116,7 +116,7 @@ void process_packet() {
 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
 * NOTE: if the protocol changes and new types are added, revisit this
 * assumption */
- if ( !ses.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
+ if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
 dropbear_exit("received message %d before userauth", type);
 }
@@ -138,6 +138,7 @@ void process_packet() {
 recv_unimplemented();
 out:
+ buf_burn(ses.payload); /* Clear the memory to avoid swapping it out */
 buf_free(ses.payload);
 ses.payload = NULL;
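Review bot: The comment added in encrypt_packet() is marked XXX and worded as a guess, so a later reader cannot tell whether the wipe is a requirement or an experiment; state it as the invariant, e.g. `/* wipe cleartext payload (may hold passwords) before the buffer is reused */`. The call has to stay ahead of `buf_setlen(ses.writepayload, 0)` if buf_burn() wipes only up to the current length; buf_burn() is defined outside this diff, so that is worth confirming and recording in the comment. The same helper is used at `out:` in process_packet(), where it is followed directly by buf_free(); if the wipe is a plain memset the compiler can see through, it may be dropped there as a dead store, so check that buf_burn() writes through a volatile pointer or an equivalent barrier. encrypt_packet() starts and ends outside the hunk.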
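Review bot: The switch from `ses.authdone` to `ses.authstate.authdone` in the pre-auth filter is not mentioned in the commit description, and the diffstat shows no header change, so the definition of both fields is outside this patch. This condition is what rejects message types above MAX_UNAUTH_PACKET_TYPE before login, so confirm that the auth code sets only authstate.authdone and that no stale ses.authdone remains for other checks to read. A description line such as `- process_packet: read authdone from ses.authstate` would make the change traceable. process_packet() continues outside the hunk.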
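Review bot: The comment on the new `buf_burn(ses.payload)` line says the wipe avoids swapping, but overwriting a buffer does not keep its page out of swap; it only shortens how long the decrypted payload stays readable in memory, swap or a core dump. Reword it to something like `/* wipe decrypted payload before freeing so it does not linger in heap memory */`. Paths that leave process_packet() through dropbear_exit(), such as the pre-auth check earlier in this file, never reach `out:`; whether that matters depends on what dropbear_exit() does with session buffers, which is not visible here.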