[git] Assuan - branch, master, updated. libassuan-2.2.1-6-gb5cbf11

by Werner Koch cvs at cvs.gnupg.org
Fri Aug 7 12:22:33 CEST 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPC library used by GnuPG".

The branch, master has been updated
       via  b5cbf11ccece653819a782a3e8adbb785fe36d7d (commit)
      from  87def94c86d5272c23daf2b5ea446c5553aa1d90 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b5cbf11ccece653819a782a3e8adbb785fe36d7d
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 7 11:26:00 2015 +0200

    Wipe the context before releasing as an extra safeguard.
    
    * src/assuan-defs.h (wipememory2, wipememory): New.  Taken from GnuPG.
    * src/assuan.c (assuan_release): Wipe the context.
    --
    
    The assuan context has buffers which may carry senitive information.
    These buffers could be wiped out with each flush but that is too
    expensive.  Thus we only wipe them when freeing the context.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/assuan-defs.h b/src/assuan-defs.h
index 68cd810..cf0015e 100644
--- a/src/assuan-defs.h
+++ b/src/assuan-defs.h
@@ -404,6 +404,16 @@ int _assuan_asprintf (char **buf, const char *fmt, ...);
 
 #define DIM(v)		     (sizeof(v)/sizeof((v)[0]))
 
+/* To avoid that a compiler optimizes memset calls away, these macros
+   can be used. */
+#define wipememory2(_ptr,_set,_len) do { \
+              volatile char *_vptr=(volatile char *)(_ptr); \
+              size_t _vlen=(_len); \
+              while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+                  } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+
 #if HAVE_W64_SYSTEM
 # define SOCKET2HANDLE(s) ((void *)(s))
 # define HANDLE2SOCKET(h) ((uintptr_t)(h))
diff --git a/src/assuan.c b/src/assuan.c
index 5cbb86c..d4c4b56 100644
--- a/src/assuan.c
+++ b/src/assuan.c
@@ -189,7 +189,11 @@ assuan_release (assuan_context_t ctx)
 
   _assuan_reset (ctx);
   /* None of the members that are our responsibility requires
-     deallocation.  */
+     deallocation.  To avoid sensitive data in the line buffers we
+     wipe them out, though.  Note that we can't wipe the entire
+     context because it also has a pointer to the actual free().  */
+  wipememory (&ctx->inbound, sizeof ctx->inbound);
+  wipememory (&ctx->outbound, sizeof ctx->outbound);
   _assuan_free (ctx, ctx);
 }
 

-----------------------------------------------------------------------

Summary of changes:
 src/assuan-defs.h | 10 ++++++++++
 src/assuan.c      |  6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
IPC library used by GnuPG
http://git.gnupg.org

More information about the Gnupg-commits mailing list