9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -19,10 +19,11 @@
  * CDDL HEADER END
  */
 
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
  */
 
 #include <strings.h>
 #include <cryptoutil.h>
 #include <security/cryptoki.h>

@@ -335,13 +336,16 @@
                 if ((soft_keystore_pin_initialized(&pin_initialized,
                     &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
                         pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
         }
 
-        if (ks_cryptpin)
-                free(ks_cryptpin);
+        if (ks_cryptpin != NULL) {
+                size_t cplen = strlen(ks_cryptpin) + 1;
 
+                freezero(ks_cryptpin, cplen);
+        }
+
         /* Provide information about a token in the provided buffer */
         (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
         (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
         (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
         (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
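Review bot: In the `ks_cryptpin != NULL` branch, `cplen` comes from `strlen()`, so `freezero()` clears only the bytes up to and including the first NUL. If the buffer handed back through `soft_keystore_pin_initialized()` was allocated larger than the string it holds (the allocation is not visible in this hunk), the tail is freed without being scrubbed. A short comment recording that assumption would help the next reader, e.g. `/* ks_cryptpin is NUL-terminated; zero the string and its terminator before freeing */`. The explicit NULL test should stay even if `freezero()` tolerates NULL as `free()` does, because `strlen(NULL)` is undefined. The enclosing function begins before and continues past this hunk.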