krb5 commit: Use zap() more consistently
Greg Hudson
ghudson at mit.edu
Wed Nov 9 00:49:30 EST 2016
https://github.com/krb5/krb5/commit/d58cfa06bab766cf1354bc593deea300388072c0
commit d58cfa06bab766cf1354bc593deea300388072c0
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Oct 31 12:10:48 2016 -0400
Use zap() more consistently
Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.
ticket: 8514
src/kadmin/dbutil/kdb5_create.c | 5 +----
src/kdc/main.c | 3 +--
src/lib/crypto/builtin/enc_provider/rc4.c | 6 ++----
src/lib/gssapi/krb5/delete_sec_context.c | 2 +-
src/lib/gssapi/krb5/export_sec_context.c | 2 +-
src/lib/gssapi/krb5/lucid_context.c | 4 ++--
src/lib/gssapi/mechglue/g_initialize.c | 6 ++----
src/lib/kadm5/srv/svr_principal.c | 9 ++-------
src/lib/krb5/krb/authdata.c | 3 +--
src/lib/krb5/krb/pac.c | 11 +++--------
10 files changed, 16 insertions(+), 35 deletions(-)
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 8173b09..92bb6f6 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -348,10 +348,7 @@ void kdb5_create(argc, argv)
printf(_("Warning: couldn't stash master key.\n"));
}
/* clean up */
- if (pw_str) {
- memset(pw_str, 0, pw_size);
- free(pw_str);
- }
+ zapfree(pw_str, pw_size);
free(master_salt.data);
if (kadm5_create(&global_params)) {
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 6767ef0..ebc852b 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -170,8 +170,7 @@ finish_realm(kdc_realm_t *rdp)
krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
krb5_free_context(rdp->realm_context);
}
- memset(rdp, 0, sizeof(*rdp));
- free(rdp);
+ zapfree(rdp, sizeof(*rdp));
}
/* Set *val_out to an allocated string containing val1 and/or val2, separated
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c
index 6fca98b..3776f80 100644
--- a/src/lib/crypto/builtin/enc_provider/rc4.c
+++ b/src/lib/crypto/builtin/enc_provider/rc4.c
@@ -144,10 +144,8 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
(const unsigned char *)iov->data.data, iov->data.length);
}
- if (state == NULL) {
- memset(arcfour_ctx, 0, sizeof(ArcfourContext));
- free(arcfour_ctx);
- }
+ if (state == NULL)
+ zapfree(arcfour_ctx, sizeof(ArcfourContext));
return 0;
}
diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c
index 89228ca..4b9dfae 100644
--- a/src/lib/gssapi/krb5/delete_sec_context.c
+++ b/src/lib/gssapi/krb5/delete_sec_context.c
@@ -87,7 +87,7 @@ krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
krb5_free_context(ctx->k5_context);
/* Zero out context */
- memset(ctx, 0, sizeof(*ctx));
+ zap(ctx, sizeof(*ctx));
xfree(ctx);
/* zero the handle itself */
diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c
index 1b3de68..49bd76d 100644
--- a/src/lib/gssapi/krb5/export_sec_context.c
+++ b/src/lib/gssapi/krb5/export_sec_context.c
@@ -91,7 +91,7 @@ error_out:
if (kret != 0 && context != 0)
save_error_info((OM_uint32)kret, context);
if (obuffer && bufsize) {
- memset(obuffer, 0, bufsize);
+ zap(obuffer, bufsize);
xfree(obuffer);
}
if (*minor_status == 0)
diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c
index 449e71f..a894f0e 100644
--- a/src/lib/gssapi/krb5/lucid_context.c
+++ b/src/lib/gssapi/krb5/lucid_context.c
@@ -266,9 +266,9 @@ free_lucid_key_data(
{
if (key) {
if (key->data && key->length) {
- memset(key->data, 0, key->length);
+ zap(key->data, key->length);
xfree(key->data);
- memset(key, 0, sizeof(gss_krb5_lucid_key_t));
+ zap(key, sizeof(gss_krb5_lucid_key_t));
}
}
}
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index 213ea19..9197666 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -560,10 +560,8 @@ releaseMechInfo(gss_mech_info *pCf)
if (cf->mech_type != GSS_C_NO_OID &&
cf->mech_type != &cf->mech->mech_type)
generic_gss_release_oid(&minor_status, &cf->mech_type);
- if (cf->mech != NULL && cf->freeMech) {
- memset(cf->mech, 0, sizeof(*cf->mech));
- free(cf->mech);
- }
+ if (cf->freeMech)
+ zapfree(cf->mech, sizeof(*cf->mech));
if (cf->dl_handle != NULL)
krb5int_close_plugin(cf->dl_handle);
if (cf->int_mech_type != GSS_C_NO_OID)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 466204d..0640b47 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -48,13 +48,8 @@ kadm5_ret_t krb5_copy_key_data_contents(context, from, to)
if ( from->key_data_length[i] ) {
to->key_data_contents[i] = malloc(from->key_data_length[i]);
if (to->key_data_contents[i] == NULL) {
- for (i = 0; i < idx; i++) {
- if (to->key_data_contents[i]) {
- memset(to->key_data_contents[i], 0,
- to->key_data_length[i]);
- free(to->key_data_contents[i]);
- }
- }
+ for (i = 0; i < idx; i++)
+ zapfree(to->key_data_contents[i], to->key_data_length[i]);
return ENOMEM;
}
memcpy(to->key_data_contents[i], from->key_data_contents[i],
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index c56f7bc..abb2ab9 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -480,8 +480,7 @@ krb5_authdata_context_free(krb5_context kcontext,
context->modules = NULL;
}
krb5int_close_plugin_dirs(&context->plugins);
- memset(context, 0, sizeof(*context));
- free(context);
+ zapfree(context, sizeof(*context));
}
krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 3a2ea23..9098927 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -125,14 +125,9 @@ krb5_pac_free(krb5_context context,
krb5_pac pac)
{
if (pac != NULL) {
- if (pac->data.data != NULL) {
- memset(pac->data.data, 0, pac->data.length);
- free(pac->data.data);
- }
- if (pac->pac != NULL)
- free(pac->pac);
- memset(pac, 0, sizeof(*pac));
- free(pac);
+ zapfree(pac->data.data, pac->data.length);
+ free(pac->pac);
+ zapfree(pac, sizeof(*pac));
}
}
More information about the cvs-krb5
mailing list