[PATCH] memset_s() and talloc_set_secure()

Andrew Bartlett abartlet at samba.org
Thu Oct 11 10:39:47 UTC 2018


On Thu, 2018-10-11 at 12:17 +0200, Andreas Schneider via samba-technical wrote:
> Hello,
> 
> the attached patch adds memset_s() [1] and talloc_set_secure(). It will make 
> sure that memory is zeroed/erased before freeing to not keep secrets around.

+#define TALLOC_FLAG_SECURE 0x10

/*
 * Bits above this are random, used to make it harder to fake talloc
 * headers during an attack.  Try not to change this without good
reason.
 */
#define TALLOC_FLAG_MASK 0x0F
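Review bot: the new TALLOC_FLAG_SECURE value 0x10 falls outside TALLOC_FLAG_MASK 0x0F, so its bit lands in the range the comment above reserves for the random anti-forgery bits of the header; widen the mask to 0x1F in the same hunk (and re-check every place that tests flags against TALLOC_FLAG_MASK) so the secure bit is neither treated as random nor clobbered by it.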

You need to change TALLOC_FLAG_MASK.  However it makes the test a bit
of a concern.  It says '+/* A test case that does nothing and succeeds.
*/' and looks like it.

Did your test run reliably?  I would have hoped that 50% of the time it
would break the magic and cause the talloc_free() to fail!

Can you please add a test that confirms the patch does what it says,
that the memory becomes zero?  (perhaps use a pool to avoid use-after-free drama). 

Finally, in Samba, we bump the z of the x.y.z version for new function
signatures. 

Thanks!
 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
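An added C example, written for this page and not taken from the patch or from talloc, showing the three points raised above in runnable form: a memset_s()-style zeroing routine that a compiler cannot elide as a dead store, a "secure" chunk flag whose bit is covered by the flag mask, and a pool-backed check that a secured chunk really is all zeros after it is freed (the pool keeps owning the memory, so inspecting it is not a use-after-free). All names here (secure_memset_s, pool_alloc, pool_set_secure, pool_free, CHUNK_FLAG_SECURE, CHUNK_FLAG_MASK) are this example's own, and the key material is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* memset_s()-style fill (hypothetical name): bounds-checked and written through a
 * volatile pointer so the store before free() is not optimised away. Follows C11
 * Annex K: EINVAL for NULL, ERANGE when n > destsz (destsz bytes are still
 * filled in that case), 0 on success. */
static int secure_memset_s(void *dest, size_t destsz, int ch, size_t n)
{
    volatile unsigned char *p = (volatile unsigned char *)dest;
    size_t i, fill = n;
    int rc = 0;

    if (dest == NULL) {
        return EINVAL;
    }
    if (n > destsz) {
        fill = destsz;
        rc = ERANGE;
    }
    for (i = 0; i < fill; i++) {
        p[i] = (unsigned char)ch;
    }
    return rc;
}

/* Tiny fixed pool standing in for a talloc pool (this example's own, not talloc).
 * Chunks live inside the pool buffer, so bytes can be inspected after "free". */
#define POOL_SIZE 512
#define CHUNK_FLAG_SECURE 0x10
#define CHUNK_FLAG_MASK   0x1F  /* must cover every defined flag bit, 0x10 included */

struct chunk_hdr { size_t size; unsigned int flags; };
struct pool { unsigned char mem[POOL_SIZE]; size_t used; };

/* 1 when every bit of `flag` is covered by `mask`, 0 otherwise. */
static int flag_fits_mask(unsigned int flag, unsigned int mask)
{
    return (flag & ~mask) == 0;
}

static void *pool_alloc(struct pool *p, size_t size)
{
    size_t rounded = (size + 15) & ~(size_t)15;   /* keep headers aligned */
    size_t total = sizeof(struct chunk_hdr) + rounded;
    struct chunk_hdr *h;

    if (p->used + total > POOL_SIZE) {
        return NULL;
    }
    h = (struct chunk_hdr *)(p->mem + p->used);
    h->size = size;
    h->flags = 0;
    p->used += total;
    return h + 1;
}

static void pool_set_secure(void *ptr)
{
    struct chunk_hdr *h = (struct chunk_hdr *)ptr - 1;
    h->flags |= CHUNK_FLAG_SECURE;
}

/* Frees a chunk; secured chunks are zeroed first. The pool memory stays valid. */
static void pool_free(void *ptr)
{
    struct chunk_hdr *h = (struct chunk_hdr *)ptr - 1;
    if (h->flags & CHUNK_FLAG_SECURE) {
        secure_memset_s(ptr, h->size, 0, h->size);
    }
    h->flags = 0;
}

/* Copies constructed key material into a chunk, frees it, then counts the zero
 * bytes left in the pool: 32 means fully erased, 0 means nothing was erased. */
static int zero_bytes_after_free(int mark_secure)
{
    static struct pool pool;
    static const char secret[] = "constructed-secret-key-material!";  /* 32 bytes, no NUL */
    size_t len = sizeof(secret) - 1, i;
    unsigned char *buf;
    int zeros = 0;

    pool.used = 0;
    buf = pool_alloc(&pool, len);
    if (buf == NULL) {
        return -1;
    }
    memcpy(buf, secret, len);
    if (mark_secure) {
        pool_set_secure(buf);
    }
    pool_free(buf);
    for (i = 0; i < len; i++) {           /* first chunk sits right after its header */
        if (pool.mem[sizeof(struct chunk_hdr) + i] == 0) {
            zeros++;
        }
    }
    return zeros;
}

/* Exercises the n > destsz path: ERANGE, first destsz bytes cleared, rest untouched. */
static int memset_s_overrun_check(void)
{
    unsigned char buf[8];
    int rc;

    memset(buf, 0xAA, sizeof(buf));
    rc = secure_memset_s(buf, 4, 0, sizeof(buf));
    return rc == ERANGE && buf[0] == 0 && buf[3] == 0 && buf[4] == 0xAA && buf[7] == 0xAA;
}

int main(void)
{
    printf("zero bytes after free: secure=%d plain=%d\n",
           zero_bytes_after_free(1), zero_bytes_after_free(0));
    printf("0x10 fits mask 0x0F: %d, fits 0x1F: %d\n",
           flag_fits_mask(CHUNK_FLAG_SECURE, 0x0F),
           flag_fits_mask(CHUNK_FLAG_SECURE, CHUNK_FLAG_MASK));
    printf("memset_s overrun handled: %d\n", memset_s_overrun_check());
    return 0;
}
```

The pool is what makes the test meaningful: with a plain malloc()/free() pair, reading the chunk afterwards would itself be a use-after-free, whereas here the pool still owns the bytes, so the assertion that they are zero is well defined. The flag_fits_mask() check is the compile-time shape of the mask problem: a flag bit that the mask does not cover cannot be relied on by the code that validates headers.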