Commit d63cd26e authored by Thomas Haller

shared: improve nm_free_secret() to clear entire memory buffer

The purpose is to clear the entire available buffer, not only
up to the first '\0'. This is done, because otherwise we might
leak sensitive data that happens to be after the first '\0',
or we might give away the length of the secrets.

Of course, those are very (very) minor concerns. But avoiding them is
easy enough.
parent 1c7ea45a
......@@ -8,6 +8,8 @@
#include "nm-secret-utils.h"
#include <malloc.h>
/*****************************************************************************/
void
......@@ -32,6 +34,30 @@ nm_explicit_bzero (void *s, gsize n)
#endif
}
void
nm_free_secret (char *secret)
{
gsize len;
if (!secret)
return;
#if GLIB_CHECK_VERSION(2,44,0)
/* Here we mix malloc() and g_malloc() API. Usually we avoid this,
* however since glib 2.44.0 we are in fact guaranteed that g_malloc()/g_free()
* just wraps malloc()/free(), so this is actually fine.
*
* See https://gitlab.gnome.org/GNOME/glib/commit/3be6ed60aa58095691bd697344765e715a327fc1
*/
len = malloc_usable_size (secret);
#else
len = strlen (secret);
#endif
nm_explicit_bzero (secret, len);
g_free (secret);
}
/*****************************************************************************/
char *
......
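Review bot: `nm_free_secret()` now calls `malloc_usable_size()` and the file includes `<malloc.h>` unconditionally, but both are non-standard libc extensions, so the only guard in place (`GLIB_CHECK_VERSION(2,44,0)`) does not cover a libc that lacks them. Gating the call and the include on a build-time probe would keep the `strlen()` fallback reachable there, for example `#if defined(HAVE_MALLOC_USABLE_SIZE) && GLIB_CHECK_VERSION(2,44,0)`, where `HAVE_MALLOC_USABLE_SIZE` is a placeholder for a macro the build system would have to define. The wipe also writes the slack bytes between the requested and the usable size. Hardening modes that track the requested allocation size may report that as an out-of-bounds write, so it is worth a test run under the project's hardened build flags. A short comment above `len = malloc_usable_size (secret);` should state that `secret` must be the start of a heap allocation, since an interior pointer is not a valid argument here.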
......@@ -18,14 +18,7 @@ char *nm_secret_strchomp (char *secret);
/*****************************************************************************/
static inline void
nm_free_secret (char *secret)
{
if (secret) {
nm_explicit_bzero (secret, strlen (secret));
g_free (secret);
}
}
void nm_free_secret (char *secret);
NM_AUTO_DEFINE_FCN0 (char *, _nm_auto_free_secret, nm_free_secret)
/**
......
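Review bot: The new prototype `void nm_free_secret (char *secret);` has no comment, and with the body moved out of the header callers can no longer see what the function does to the buffer. A short doc comment on the declaration would record the contract, for example `/* Wipes the buffer behind @secret (the whole usable allocation where available) and g_free()s it; @secret must be NULL or the start of a g_malloc()-family allocation. */`. This matters for `_nm_auto_free_secret` users too, because the cleanup function inherits the same precondition.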