ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 02:46:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- Rename common-packet.c to packet.c

Browse Source 
- buf_burn the unencrypted read/write payload buffers after use to avoid
  sensitive contents sitting in memory for too long

--HG--
extra : convert_revision : 19227d63bda554e819ae7df919bfd18911d5b4a0
This commit is contained in:
Matt Johnston 2004-07-27 02:14:42 +00:00
parent a9c38fb37f
commit 471d28bd10
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
common-packet.c → packet.c
View File

@ -444,6 +444,10 @@ void encrypt_packet() {
} }
/* finished with payload */ /* finished with payload */
buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't
_that_ likely to hurt performance too badly.
Buffers can have cleartext passwords etc, or
other sensitive data */
buf_setpos(ses.writepayload, 0); buf_setpos(ses.writepayload, 0);
buf_setlen(ses.writepayload, 0); buf_setlen(ses.writepayload, 0);

3
process-packet.c
View File

@ -116,7 +116,7 @@ void process_packet() {
* less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ). * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
* NOTE: if the protocol changes and new types are added, revisit this * NOTE: if the protocol changes and new types are added, revisit this
* assumption */ * assumption */
if ( !ses.authdone && type > MAX_UNAUTH_PACKET_TYPE ) { if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
dropbear_exit("received message %d before userauth", type); dropbear_exit("received message %d before userauth", type);
} }
@ -138,6 +138,7 @@ void process_packet() {
recv_unimplemented(); recv_unimplemented();
out: out:
buf_burn(ses.payload); /* Clear the memory to avoid swapping it out */
buf_free(ses.payload); buf_free(ses.payload);
ses.payload = NULL; ses.payload = NULL;