[PATCH] memset_s() and talloc_set_secure()
Andrew Bartlett
abartlet at samba.org
Thu Oct 11 10:39:47 UTC 2018
On Thu, 2018-10-11 at 12:17 +0200, Andreas Schneider via samba-technical wrote:
> Hello,
>
> the attached patch adds memset_s() [1] and talloc_set_secure(). It will make
> sure that memory is zeroed/erased before freeing to not keep secrets around.
+#define TALLOC_FLAG_SECURE 0x10
/*
* Bits above this are random, used to make it harder to fake talloc
* headers during an attack. Try not to change this without good
reason.
*/
#define TALLOC_FLAG_MASK 0x0F
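Review bot: TALLOC_FLAG_SECURE is defined as 0x10 while TALLOC_FLAG_MASK stays 0x0F, so the new flag bit lands above the mask, in the bits the comment reserves for the random value that protects talloc headers against forgery; with the mask unchanged, setting the flag alters the magic and the header check on talloc_free() can fail for a block marked secure. Widen the mask to cover the new bit, e.g. `#define TALLOC_FLAG_MASK 0x1F`, and add a test that frees a block after talloc_set_secure() and confirms its memory was actually zeroed rather than the placeholder "test case that does nothing and succeeds".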
You need to change TALLOC_FLAG_MASK. However, it makes the test a bit
of a concern. It says '+/* A test case that does nothing and succeeds.
*/' and looks like it.
Did your test run reliably? I would have hoped that 50% of the time it
would break the magic and cause the talloc_free() to fail!
Can you please add a test that confirms the patch does what it says,
that the memory becomes zero? (perhaps use a pool to avoid use-after-free drama).
Finally, in Samba, we bump the z of the x.y.z version for new function
signatures.
Thanks!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
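The test Andrew asks for, as an added example rather than code from the patch or from talloc: a toy pool allocator (hypothetical `pool_alloc`/`pool_free`, not talloc's API) whose free path erases a block flagged secure with a volatile-write loop, the same dead-store-proof idea behind memset_s(), and a check that reads the pool's backing buffer, which stays valid after the free, instead of the freed pointer. The secret string and the 0xAA poison are constructed test data.

```c
#include <stddef.h>
#include <string.h>

/*
 * Added example, not talloc code. A bump allocator over a fixed buffer
 * ("pool") with one flag: blocks allocated with POOL_FLAG_SECURE are
 * zeroed before release. Because the pool's buffer outlives the block,
 * a test can inspect the freed region without a use-after-free.
 */

/* Erase through a volatile pointer so the compiler cannot drop the writes
 * as dead stores; this is the guarantee memset_s() / explicit_bzero() give. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

#define POOL_FLAG_SECURE 0x1u

struct pool_hdr {
    size_t size;      /* payload bytes */
    unsigned flags;   /* POOL_FLAG_SECURE set => zero on free */
};

struct pool {
    _Alignas(max_align_t) unsigned char buf[4096];
    size_t used;
};

/* Round a size up so each header stays suitably aligned. */
static size_t align_up(size_t n)
{
    size_t a = _Alignof(max_align_t);
    return (n + a - 1) & ~(a - 1);
}

static void *pool_alloc(struct pool *pool, size_t size, unsigned flags)
{
    size_t need = align_up(sizeof(struct pool_hdr) + size);
    if (need > sizeof(pool->buf) - pool->used) {
        return NULL;
    }
    struct pool_hdr *h = (struct pool_hdr *)(pool->buf + pool->used);
    h->size = size;
    h->flags = flags;
    pool->used += need;
    return h + 1;
}

/* Release the most recent allocation, zeroing its payload first when the
 * block was marked secure. Returns the payload's offset inside pool->buf
 * so a caller can inspect that region afterwards. */
static size_t pool_free(struct pool *pool, void *ptr)
{
    struct pool_hdr *h = (struct pool_hdr *)ptr - 1;
    size_t off = (size_t)((unsigned char *)ptr - pool->buf);
    if (h->flags & POOL_FLAG_SECURE) {
        secure_zero(ptr, h->size);
    }
    pool->used = (size_t)((unsigned char *)h - pool->buf);
    return off;
}

/* 1 if all n bytes at offset off in the backing buffer are zero.
 * pool->buf is still live after pool_free(), so this read is well defined. */
static int pool_region_is_zero(const struct pool *pool, size_t off, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (pool->buf[off + i] != 0) {
            return 0;
        }
    }
    return 1;
}

/* Allocate with flags, copy in a constructed secret, free, and report whether
 * the freed region is now all zero. -1 on allocation failure. */
static int secret_zeroed_after_free(unsigned flags)
{
    struct pool pool;
    memset(&pool, 0xAA, sizeof(pool));   /* poison: zeros must come from the free path */
    pool.used = 0;

    static const char secret[] = "hunter2-session-key";  /* constructed test data */
    char *p = pool_alloc(&pool, sizeof(secret), flags);
    if (p == NULL) {
        return -1;
    }
    memcpy(p, secret, sizeof(secret));

    size_t off = pool_free(&pool, p);
    return pool_region_is_zero(&pool, off, sizeof(secret));
}
```

Calling `secret_zeroed_after_free(POOL_FLAG_SECURE)` returns 1 and `secret_zeroed_after_free(0)` returns 0, which is the pair of checks a real test should make: the flag zeroes the memory, and the zeroing is attributable to the flag rather than to the allocator happening to clear memory anyway.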