[patch] wipe secure memory after iconv failure
Werner Koch
wk at gnupg.org
Mon Jan 26 17:59:18 CET 2015
On Wed, 21 Jan 2015 05:49, dkg at fifthhorseman.net said:
> From: Eygene Ryabinkin <rea at codelabs.ru>
> Date: Mon, 5 Jan 2015 02:38:11 +0300
> Subject: [PATCH] Apply secure wipe after iconv failure
>
> Iconv conversion can fail in the middle of operation, so "pwbuf"
> can have some parts of the password, so it is safer to clean it
Right; but ...
> log_error ("error converting passphrase to"
> " requested charset '%s': %s\n",
> charset, strerror (errno));
> - gcry_free (pwbuf);
> - pwbuf = NULL;
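Review bot: dropping `gcry_free (pwbuf); pwbuf = NULL;` from this error branch is only sound if the function's failure exit still falls through to the later cleanup that does `if (pwbuf) { wipememory (pwbuf, pwbufsize); gcry_free (pwbuf); }`; an early return between here and that block would now leak the buffer, so the full diff should be checked for that, and the commit message would read better if it said explicitly that the buffer is now released by the common cleanup rather than here.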
PWBUF has been allocated using
pwbuf = gcry_malloc_secure (pwbufsize);
and thus it has been allocated in secure memory. Even if it is
questionable whether that mlock()ed memory area is still useful, it has
the property that gcry_free will overwrite the allocated memory. The
secure memory allocator knows about the size and thus there is no need
for the application to keep track of it.
The wipememory at
  if (pwbuf)
    {
      wipememory (pwbuf, pwbufsize);
      gcry_free (pwbuf);
    }
is just a failsafe method in case the code is being used with an
improper memory allocator. We could just remove that wipememory.
However your fix removes code which is a good idea anyway and thus I
will use that (commit 6c87d1c). Thanks.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
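The allocator property described in the mail, as an added example that is not part of the original message and not GnuPG or libgcrypt code: a toy secure allocator (`sec_malloc`/`sec_free`, hypothetical stand-ins for gcry_malloc_secure/gcry_free) stores each block's size in a header, so freeing wipes the whole payload without the caller tracking the length; a static pool stands in for the mlock()ed secure area so the bytes can be inspected after free, and `convert_partial` stands in for an iconv call that fails part way. The passphrase and the failure point are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: a toy secure allocator, not GnuPG or libgcrypt code.
   The allocator records each block's size, so freeing wipes the whole
   payload without the caller keeping track of the length. A static pool
   (constructed for this demonstration) stands in for the mlock()ed secure
   area so the bytes can be inspected after free. */

#define POOL_SIZE 256

static union {
  unsigned char bytes[POOL_SIZE];
  size_t align;                 /* keep headers naturally aligned */
} pool;
static size_t pool_used;

struct sec_hdr { size_t size; };

/* Failsafe wipe through a volatile pointer so the stores cannot be
   optimised away (same intent as the wipememory in the mail). */
static void wipememory (void *p, size_t n)
{
  volatile unsigned char *vp = p;
  while (n--)
    *vp++ = 0;
}

/* Hypothetical stand-in for gcry_malloc_secure: bump allocation with a
   size header in front of the payload. */
void *sec_malloc (size_t n)
{
  size_t need = sizeof (struct sec_hdr) + n;
  need = (need + sizeof (size_t) - 1) & ~(sizeof (size_t) - 1);
  if (need > POOL_SIZE - pool_used)
    return NULL;
  struct sec_hdr *h = (struct sec_hdr *) (pool.bytes + pool_used);
  h->size = n;
  pool_used += need;
  return h + 1;
}

/* Hypothetical stand-in for gcry_free on secure memory: the allocator
   knows the size, so the payload is wiped without the caller's help. */
void sec_free (void *p)
{
  if (!p)
    return;
  struct sec_hdr *h = (struct sec_hdr *) p - 1;
  wipememory (p, h->size);
  h->size = 0;                  /* no reuse in this toy pool */
}

/* Stand-in for an iconv call that fails part way: copies the first
   fail_at bytes into out, then reports failure, leaving a partial result. */
static int convert_partial (const char *in, char *out, size_t outsize,
                            size_t fail_at)
{
  size_t i;
  for (i = 0; i < fail_at && in[i] && i + 1 < outsize; i++)
    out[i] = in[i];
  out[i] = '\0';
  return -1;
}

struct demo_result
{
  size_t partial_len;        /* passphrase bytes sitting in pwbuf on failure */
  size_t residue_after_free; /* non-zero bytes left in the pool after sec_free */
};

/* Replays the scenario from the mail on a constructed passphrase. */
struct demo_result demo_iconv_failure (const char *passphrase, size_t fail_at)
{
  struct demo_result r = { 0, 0 };
  size_t i;

  memset (pool.bytes, 0, POOL_SIZE);
  pool_used = 0;

  size_t pwbufsize = strlen (passphrase) + 1;
  char *pwbuf = sec_malloc (pwbufsize);
  if (!pwbuf)
    return r;

  if (convert_partial (passphrase, pwbuf, pwbufsize, fail_at) < 0)
    r.partial_len = strlen (pwbuf);   /* the partial password is in pwbuf */

  sec_free (pwbuf);                   /* wipes pwbufsize bytes for us */
  pwbuf = NULL;

  for (i = 0; i < POOL_SIZE; i++)
    if (pool.bytes[i])
      r.residue_after_free++;
  return r;
}

int main (void)
{
  struct demo_result r = demo_iconv_failure ("correct horse battery", 5);
  printf ("partial bytes on failure: %zu, residue after free: %zu\n",
          r.partial_len, r.residue_after_free);
  return 0;
}
```

The point to take from the run is that the partial conversion really does leave passphrase bytes in the buffer, and that a free on size-aware secure memory removes them; the explicit wipememory before the free is the belt-and-braces step for the case where the buffer came from an ordinary allocator that does not wipe.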