mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00

Use _cleanup(free_and_erasep) where appropriate

Replaces #12959.
Zbigniew Jędrzejewski-Szmek 2019-07-05 11:29:10 +02:00
parent 44c786f04a
commit e693a93235
5 changed files with 38 additions and 62 deletions


@ -718,7 +718,7 @@ int config_parse_macsec_key(
_cleanup_(macsec_transmit_association_free_or_set_invalidp) TransmitAssociation *a = NULL; _cleanup_(macsec_transmit_association_free_or_set_invalidp) TransmitAssociation *a = NULL;
_cleanup_(macsec_receive_association_free_or_set_invalidp) ReceiveAssociation *b = NULL; _cleanup_(macsec_receive_association_free_or_set_invalidp) ReceiveAssociation *b = NULL;
_cleanup_free_ void *p; _cleanup_(erase_and_freep) void *p = NULL;
MACsec *s = userdata; MACsec *s = userdata;
SecurityAssociation *dest; SecurityAssociation *dest;
size_t l; size_t l;
@ -743,18 +743,17 @@ int config_parse_macsec_key(
r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l); r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l);
if (r < 0) { if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse key. Ignoring assignment: %m");
"Failed to parse key. Ignoring assignment: %m");
return 0;
}
if (l != 16) {
/* See DEFAULT_SAK_LEN in drivers/net/macsec.c */
explicit_bzero_safe(p, l);
log_syntax(unit, LOG_ERR, filename, line, 0,
"Invalid key length (%zu). Ignoring assignment", l);
return 0; return 0;
} }
if (l != 16) {
/* See DEFAULT_SAK_LEN in drivers/net/macsec.c */
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid key length (%zu). Ignoring assignment", l);
return 0;
}
explicit_bzero_safe(dest->key, dest->key_len);
free_and_replace(dest->key, p); free_and_replace(dest->key, p);
dest->key_len = l; dest->key_len = l;
@ -972,7 +971,7 @@ int config_parse_macsec_use_for_encoding(
} }
static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) { static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
_cleanup_free_ uint8_t *key = NULL; _cleanup_(erase_and_freep) uint8_t *key = NULL;
size_t key_len; size_t key_len;
int r; int r;
@ -987,12 +986,10 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
return log_netdev_error_errno(netdev, r, return log_netdev_error_errno(netdev, r,
"Failed to read key from '%s', ignoring: %m", "Failed to read key from '%s', ignoring: %m",
sa->key_file); sa->key_file);
if (key_len != 16) {
explicit_bzero_safe(key, key_len); if (key_len != 16)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"Invalid key length (%zu bytes), ignoring: %m", "Invalid key length (%zu bytes), ignoring: %m", key_len);
key_len);
}
explicit_bzero_safe(sa->key, sa->key_len); explicit_bzero_safe(sa->key, sa->key_len);
free_and_replace(sa->key, key); free_and_replace(sa->key, key);
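Review bot: The key length is still the bare literal `16` in both length checks of this file, `if (l != 16)` in config_parse_macsec_key and `if (key_len != 16)` in macsec_read_key_file, and only the first carries the pointer to DEFAULT_SAK_LEN. A single named constant would keep the two checks in step if the accepted length ever changes, for example `#define MACSEC_KEY_LEN 16 /* see DEFAULT_SAK_LEN in drivers/net/macsec.c */`. The name is only a suggestion, and the file may already define something suitable outside the visible hunks. Both functions extend beyond the hunks shown.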


@ -480,7 +480,7 @@ static int wireguard_decode_key_and_warn(
unsigned line, unsigned line,
const char *lvalue) { const char *lvalue) {
_cleanup_free_ void *key = NULL; _cleanup_(erase_and_freep) void *key = NULL;
size_t len; size_t len;
int r; int r;
@ -501,12 +501,10 @@ static int wireguard_decode_key_and_warn(
if (r < 0) if (r < 0)
return log_syntax(unit, LOG_ERR, filename, line, r, return log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue); "Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue);
if (len != WG_KEY_LEN) { if (len != WG_KEY_LEN)
explicit_bzero_safe(key, len);
return log_syntax(unit, LOG_ERR, filename, line, 0, return log_syntax(unit, LOG_ERR, filename, line, 0,
"Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.", "Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.",
lvalue, len); lvalue, len);
}
memcpy(ret, key, WG_KEY_LEN); memcpy(ret, key, WG_KEY_LEN);
return 0; return 0;
@ -894,7 +892,7 @@ static void wireguard_done(NetDev *netdev) {
} }
static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_KEY_LEN]) { static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_KEY_LEN]) {
_cleanup_free_ char *key = NULL; _cleanup_(erase_and_freep) char *key = NULL;
size_t key_len; size_t key_len;
int r; int r;
@ -905,17 +903,11 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_
if (r < 0) if (r < 0)
return r; return r;
if (key_len != WG_KEY_LEN) { if (key_len != WG_KEY_LEN)
r = -EINVAL; return -EINVAL;
goto finalize;
}
memcpy(dest, key, WG_KEY_LEN); memcpy(dest, key, WG_KEY_LEN);
r = 0; return 0;
finalize:
explicit_bzero_safe(key, key_len);
return r;
} }
static int wireguard_peer_verify(WireguardPeer *peer) { static int wireguard_peer_verify(WireguardPeer *peer) {
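Review bot: With the explicit `explicit_bzero_safe()` calls removed, nothing at `memcpy(ret, key, WG_KEY_LEN)` in wireguard_decode_key_and_warn or `memcpy(dest, key, WG_KEY_LEN)` in wireguard_read_key_file says which buffer gets wiped and which does not. The `erase_and_freep` cleanup covers only the temporary heap buffer `key`; the destination keeps a live copy of the key, and the code that erases that copy is not visible in these hunks. A short comment above each copy would record the split, e.g. `/* key is wiped by erase_and_freep on return; the copy in dest is erased by its owner */`. Both functions begin or end outside the hunks, so the read and decode calls that fill `key` were not reviewed here.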


@ -35,7 +35,7 @@ static int send_on_socket(int fd, const char *socket_name, const void *packet, s
} }
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
_cleanup_free_ char *packet = NULL; _cleanup_(erase_and_freep) char *packet = NULL;
_cleanup_close_ int fd = -1; _cleanup_close_ int fd = -1;
size_t length = 0; size_t length = 0;
int r; int r;
@ -93,7 +93,5 @@ int main(int argc, char *argv[]) {
r = send_on_socket(fd, argv[2], packet, length); r = send_on_socket(fd, argv[2], packet, length);
finish: finish:
explicit_bzero_safe(packet, length);
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
} }


@ -63,13 +63,16 @@ static int lookup_key(const char *keyname, key_serial_t *ret) {
} }
static int retrieve_key(key_serial_t serial, char ***ret) { static int retrieve_key(key_serial_t serial, char ***ret) {
_cleanup_free_ char *p = NULL; size_t nfinal, m = 100;
long m = 100, n;
char **l; char **l;
_cleanup_(erase_and_freep) char *pfinal = NULL;
assert(ret); assert(ret);
for (;;) { for (;;) {
_cleanup_(erase_and_freep) char *p = NULL;
long n;
p = new(char, m); p = new(char, m);
if (!p) if (!p)
return -ENOMEM; return -ENOMEM;
@ -77,33 +80,28 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0); n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0);
if (n < 0) if (n < 0)
return -errno; return -errno;
if (n < m) if ((size_t) n < m) {
nfinal = (size_t) n;
pfinal = TAKE_PTR(p);
break; break;
}
explicit_bzero_safe(p, m);
if (m > LONG_MAX / 2) /* overflow check */ if (m > LONG_MAX / 2) /* overflow check */
return -ENOMEM; return -ENOMEM;
m *= 2; m *= 2;
if ((long) (size_t) m != m) /* make sure that this still fits if converted to size_t */
return -ENOMEM;
free(p);
} }
l = strv_parse_nulstr(p, n); l = strv_parse_nulstr(pfinal, nfinal);
if (!l) if (!l)
return -ENOMEM; return -ENOMEM;
explicit_bzero_safe(p, n);
*ret = l; *ret = l;
return 0; return 0;
} }
static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **passwords) { static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **passwords) {
_cleanup_strv_free_erase_ char **l = NULL; _cleanup_strv_free_erase_ char **l = NULL;
_cleanup_free_ char *p = NULL; _cleanup_(erase_and_freep) char *p = NULL;
key_serial_t serial; key_serial_t serial;
size_t n; size_t n;
int r; int r;
@ -131,7 +129,6 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
return r; return r;
serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING); serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
explicit_bzero_safe(p, n);
if (serial == -1) if (serial == -1)
return -errno; return -errno;
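Review bot: In retrieve_key, `m` is now a `size_t` but the growth guard still reads `if (m > LONG_MAX / 2) /* overflow check */`, which compares signed and unsigned operands and no longer explains why the limit is LONG_MAX. The bound looks deliberate, since keyctl() reports the size as a `long` and `(size_t) n < m` is only meaningful while `m` stays in that range. I would keep the bound and say so: `if (m > (size_t) LONG_MAX / 2) /* keep m representable as long, the type keyctl() returns */`. The function also returns a string vector of secrets through `*ret`. A one-line comment that callers must release it with an erasing free, as add_to_keyring does for its own `l` via `_cleanup_strv_free_erase_`, would make that contract explicit.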


@ -238,13 +238,13 @@ finish:
} }
static int send_passwords(const char *socket_name, char **passwords) { static int send_passwords(const char *socket_name, char **passwords) {
_cleanup_free_ char *packet = NULL; _cleanup_(erase_and_freep) char *packet = NULL;
_cleanup_close_ int socket_fd = -1; _cleanup_close_ int socket_fd = -1;
union sockaddr_union sa = {}; union sockaddr_union sa = {};
size_t packet_length = 1; size_t packet_length = 1;
char **p, *d; char **p, *d;
ssize_t n; ssize_t n;
int r, salen; int salen;
assert(socket_name); assert(socket_name);
@ -266,22 +266,14 @@ static int send_passwords(const char *socket_name, char **passwords) {
d = stpcpy(d, *p) + 1; d = stpcpy(d, *p) + 1;
socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0); socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
if (socket_fd < 0) { if (socket_fd < 0)
r = log_debug_errno(errno, "socket(): %m"); return log_debug_errno(errno, "socket(): %m");
goto finish;
}
n = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, salen); n = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, salen);
if (n < 0) { if (n < 0)
r = log_debug_errno(errno, "sendto(): %m"); return log_debug_errno(errno, "sendto(): %m");
goto finish;
}
r = (int) n; return (int) n;
finish:
explicit_bzero_safe(packet, packet_length);
return r;
} }
static int parse_password(const char *filename, char **wall) { static int parse_password(const char *filename, char **wall) {