[PATCH] Zero some memory after use

Andreas Schneider asn at samba.org
Mon Feb 25 15:35:37 UTC 2019 

Hi,

here are some small patches to zero sensitive memory after use.


Review much appreciated.


Thanks,


	Andreas

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
>From fa613a2ffea9b1d54b6c02a5adbe95dcffaa121b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Thu, 11 Oct 2018 14:33:52 +0200
Subject: [PATCH 1/3] libcli:smb: Zero sensitive memory after use

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 libcli/smb/smb2_signing.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 614a2b32dc0..18f5911ad5e 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -76,6 +76,8 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
 					vector[i].iov_len);
 		}
 		aes_cmac_128_final(&ctx, res);
+
+		ZERO_ARRAY(key);
 	} else {
 		struct HMACSHA256Context m;
 		uint8_t digest[SHA256_DIGEST_LENGTH];
@@ -149,6 +151,8 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
 					vector[i].iov_len);
 		}
 		aes_cmac_128_final(&ctx, res);
+
+		ZERO_ARRAY(key);
 	} else {
 		struct HMACSHA256Context m;
 		uint8_t digest[SHA256_DIGEST_LENGTH];
-- 
2.20.1


>From c5a3fc943283b579e2cb5cf415e4dca689e8a149 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Tue, 30 Oct 2018 17:08:35 +0100
Subject: [PATCH 2/3] auth:gensec: Make sure we zero the checksum after use

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 auth/gensec/schannel.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 364a0fcc186..441801bac47 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -347,6 +347,8 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 
 	netsec_do_seq_num(state, checksum, checksum_length, seq_num);
 
+	ZERO_ARRAY(checksum);
+
 	ret = memcmp(seq_num, sig->data+8, 8);
 	if (ret != 0) {
 		dump_data_pw("calc seq num:", seq_num, 8);
-- 
2.20.1


>From 832d68eca476709f34ce1275babf729eec23fd5b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 26 Oct 2018 14:50:29 +0200
Subject: [PATCH 3/3] libcli:auth: Avoid explicit ZERO_STRUCT

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 libcli/auth/credentials.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index b6c8ba281ba..fcd5e34cc9b 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -76,14 +76,12 @@ static void netlogon_creds_init_128bit(struct netlogon_creds_CredentialState *cr
 				       const struct netr_Credential *server_challenge,
 				       const struct samr_Password *machine_password)
 {
-	unsigned char zero[4], tmp[16];
+	uint8_t zero[4] = {0}, tmp[16];
 	HMACMD5Context ctx;
 	MD5_CTX md5;
 
 	ZERO_ARRAY(creds->session_key);
 
-	memset(zero, 0, sizeof(zero));
-
 	hmac_md5_init_rfc2104(machine_password->hash, sizeof(machine_password->hash), &ctx);
 	MD5Init(&md5);
 	MD5Update(&md5, zero, sizeof(zero));
-- 
2.20.1

More information about the samba-technical mailing list