Usage of credentials is a bit odd in this file.
Actually the copy of "struct user_pass" kept in p->up is not
required at all. It just defeats the purpose of auth-nocache
as it never gets cleared.
Removing it is beyond the scope of this patch -- we just ensure
it's purged after use.
Change-Id: Ic6d63a319d272a56ac0e278f1356bc5241b56a34
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240905100724.4105-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29061.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit dbe7e456954bf001420c4552c2b6e184ec6e068c)
| ... | ... |
@@ -247,7 +247,9 @@ username_password_as_base64(const struct http_proxy_info *p, |
| 247 | 247 |
struct buffer out = alloc_buf_gc(strlen(p->up.username) + strlen(p->up.password) + 2, gc); |
| 248 | 248 |
ASSERT(strlen(p->up.username) > 0); |
| 249 | 249 |
buf_printf(&out, "%s:%s", p->up.username, p->up.password); |
| 250 |
- return (const char *)make_base64_string((const uint8_t *)BSTR(&out), gc); |
|
| 250 |
+ char *ret = (char *)make_base64_string((const uint8_t *)BSTR(&out), gc); |
|
| 251 |
+ secure_memzero(BSTR(&out), out.len); |
|
| 252 |
+ return ret; |
|
| 251 | 253 |
} |
| 252 | 254 |
|
| 253 | 255 |
static void |
| ... | ... |
@@ -737,6 +739,9 @@ establish_http_proxy_passthru(struct http_proxy_info *p, |
| 737 | 737 |
ASSERT(0); |
| 738 | 738 |
} |
| 739 | 739 |
|
| 740 |
+ /* clear any sensitive content in buf */ |
|
| 741 |
+ secure_memzero(buf, sizeof(buf)); |
|
| 742 |
+ |
|
| 740 | 743 |
/* send empty CR, LF */ |
| 741 | 744 |
if (!send_crlf(sd)) |
| 742 | 745 |
{
|
| ... | ... |
@@ -978,6 +983,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p, |
| 978 | 978 |
{
|
| 979 | 979 |
goto error; |
| 980 | 980 |
} |
| 981 |
+ /* clear any sensitive content in buf */ |
|
| 982 |
+ secure_memzero(buf, sizeof(buf)); |
|
| 981 | 983 |
|
| 982 | 984 |
/* receive reply from proxy */ |
| 983 | 985 |
if (!recv_line(sd, buf, sizeof(buf), get_server_poll_remaining_time(server_poll_timeout), true, NULL, signal_received)) |
| ... | ... |
@@ -1081,10 +1088,12 @@ establish_http_proxy_passthru(struct http_proxy_info *p, |
| 1081 | 1081 |
#endif |
| 1082 | 1082 |
|
| 1083 | 1083 |
done: |
| 1084 |
+ purge_user_pass(&p->up, true); |
|
| 1084 | 1085 |
gc_free(&gc); |
| 1085 | 1086 |
return ret; |
| 1086 | 1087 |
|
| 1087 | 1088 |
error: |
| 1089 |
+ purge_user_pass(&p->up, true); |
|
| 1088 | 1090 |
register_signal(sig_info, SIGUSR1, "HTTP proxy error"); /* SOFT-SIGUSR1 -- HTTP proxy error */ |
| 1089 | 1091 |
gc_free(&gc); |
| 1090 | 1092 |
return ret; |
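Review bot: In the first hunk, `ret` returned by `username_password_as_base64` is still a reversible encoding of `username:password`, so zeroing `out` wipes only one of the two copies. The base64 copy stays in `gc`-owned memory until `gc_free(&gc)`, and nothing visible here shows that `gc_free` wipes what it releases, so it may well survive in freed heap. I would document this above the function, e.g. `/* Returns base64 of "user:pass"; as sensitive as the password, caller must wipe it after use */`. The callers should then keep the pointer and call `secure_memzero(ptr, strlen(ptr));` once the value has been consumed. The function's signature and its call sites are outside the hunks shown, so this needs checking against the full file.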