9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

*** 20,29 **** --- 20,30 ---- */ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * Copyright 2012 Milan Jurik. All rights reserved. + * Copyright (c) 2018, Joyent, Inc. */ #include <string.h> #include <stdlib.h> #include <strings.h>
*** 524,534 **** * Zero-out any attribute values. We could do this just for * attributes with isSensitive == True, but it's not much * extra work to just do them all. [Most attributes are just * 1 or 4 bytes] */ ! bzero(attr->attribute.pValue, attr->attribute.ulValueLen); if (attr->isMalloced) free(attr->attribute.pValue); } --- 525,536 ---- * Zero-out any attribute values. We could do this just for * attributes with isSensitive == True, but it's not much * extra work to just do them all. [Most attributes are just * 1 or 4 bytes] */ ! explicit_bzero(attr->attribute.pValue, ! attr->attribute.ulValueLen); if (attr->isMalloced) free(attr->attribute.pValue); }
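Review bot: The block comment above the new `explicit_bzero()` call says the values are zeroed but not why the explicit variant is needed. When `attr->isMalloced` is set, the buffer goes to `free()` two lines later, so a plain `bzero()` is a dead store the compiler may drop. I would add a line to that comment, such as `* explicit_bzero() is used so the wipe cannot be optimized away before free().`, so a later cleanup does not revert it. The enclosing function starts and ends outside the hunk.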
*** 562,578 **** /* Store the new value. */ if (attr->attribute.ulValueLen >= new_attr->ulValueLen) { /* Existing storage is sufficient to store new value. */ /* bzero() out any data that won't be overwritten. */ ! bzero((char *)attr->attribute.pValue + new_attr->ulValueLen, attr->attribute.ulValueLen - new_attr->ulValueLen); } else if (new_attr->ulValueLen <= sizeof (attr->generic_data)) { /* Use generic storage to avoid a malloc. */ ! bzero(attr->attribute.pValue, attr->attribute.ulValueLen); if (attr->isMalloced) { /* * If app sets a large value (triggering a malloc), * then sets a tiny value, and finally again sets * a large value (phew!) we could end up here. --- 564,582 ---- /* Store the new value. */ if (attr->attribute.ulValueLen >= new_attr->ulValueLen) { /* Existing storage is sufficient to store new value. */ /* bzero() out any data that won't be overwritten. */ ! explicit_bzero((char *)attr->attribute.pValue + ! new_attr->ulValueLen, attr->attribute.ulValueLen - new_attr->ulValueLen); } else if (new_attr->ulValueLen <= sizeof (attr->generic_data)) { /* Use generic storage to avoid a malloc. */ ! explicit_bzero(attr->attribute.pValue, ! attr->attribute.ulValueLen); if (attr->isMalloced) { /* * If app sets a large value (triggering a malloc), * then sets a tiny value, and finally again sets * a large value (phew!) we could end up here.
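Review bot: The comment `/* bzero() out any data that won't be overwritten. */` in the first branch is stale, because the call beneath it is now `explicit_bzero()`. A function-neutral wording such as `/* Zero out any data that won't be overwritten. */` would not go out of date again. The wipe in the second branch has no comment; `/* Wipe the old value before its storage is released or reused. */` above that `explicit_bzero()` would record the intent. The release itself is presumably in the `if (attr->isMalloced)` body, which is cut off where the hunk ends. The enclosing function starts and ends outside the hunk.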