raster pushed a commit to branch master.

http://git.enlightenment.org/core/enlightenment.git/commit/?id=a3ae1b0ac2db92d869a9f414532cd425ac2e09a7

commit a3ae1b0ac2db92d869a9f414532cd425ac2e09a7
Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com>
Date:   Tue Feb 18 10:25:23 2020 +0000

    e auth - use our memclear and fill it out with modern zeroing methods
    
    so memset_s still doesn't get detected (add a check anyway), but there
    are other alternatives, so detect and use them if found
    (explicit_bzero, explicit_memset) in addition to the generally
    "practically works" memset ptr method we had and.. just to be extra
    safe add an asm memory barrier to this fallback. also.. mlock the
    passwd memory in lokker (if it doesn't work - don't worry - there is
    nothing we can do, so we did our best) to avoid this memory getting
    swapped etc.
---
 meson.build                 | 12 ++++++++++++
 src/bin/e_auth.c            |  6 ++----
 src/bin/e_utils.c           | 30 +++++++++++++++++-------------
 src/modules/lokker/lokker.c |  7 +++++++
 4 files changed, 38 insertions(+), 17 deletions(-)

diff --git a/meson.build b/meson.build
index 3d53a720c..e62aa3cb2 100644
--- a/meson.build
+++ b/meson.build
@@ -186,6 +186,18 @@ if cc.has_header('execinfo.h') == true
 elif cc.has_function('backtrace_symbols_fd', dependencies: 'execinfo') == false
   execinfo_dep = dependency('execinfo', required: false)
 endif
+if cc.has_function('explicit_bzero') == true
+  config_h.set('HAVE_EXPLICIT_BZERO'   , '1')
+endif
+if cc.has_function('explicit_memset') == true
+  config_h.set('HAVE_EXPLICIT_MEMSET'  , '1')
+endif
+if cc.has_function('memset_s') == true
+  config_h.set('HAVE_MEMSET_S'         , '1')
+endif
+if cc.has_function('mlock') == true
+  config_h.set('HAVE_MLOCK'            , '1')
+endif
 
 if cc.has_header('fnmatch.h') == false
   error('fnmatch.h not found')
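Review bot: The `memset_s` probe is a bare `cc.has_function('memset_s')`, but memset_s is an Annex K function that `<string.h>` only declares when `__STDC_WANT_LIB_EXT1__` is defined before the include. On a libc that exports the symbol, the probe can therefore set HAVE_MEMSET_S while e_utils.c still sees no prototype for the call in e_util_memclear, unless a header outside this diff already defines the macro. Giving the check the same view as the C file, `cc.has_function('memset_s', prefix: '#define __STDC_WANT_LIB_EXT1__ 1\n#include <string.h>')`, and defining the macro ahead of the string.h include in e_utils.c keeps detection and use in step.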
diff --git a/src/bin/e_auth.c b/src/bin/e_auth.c
index 92670f5d3..3fdb2eec7 100644
--- a/src/bin/e_auth.c
+++ b/src/bin/e_auth.c
@@ -3,7 +3,7 @@
 E_API int
 e_auth_begin(char *passwd)
 {
-   char buf[PATH_MAX], *p;
+   char buf[PATH_MAX];
    Ecore_Exe *exe = NULL;
    int ret = 0;
    size_t pwlen;
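Review bot: `size_t pwlen;` is left without an initializer, and the cleanup at `out:` in the next hunk now passes it straight to `e_util_memclear(passwd, pwlen)`. The body between this declaration and `out:` is outside both hunks, so it cannot be confirmed here that every `goto out` happens after pwlen is assigned; if one does not, the wipe length is indeterminate. Setting it at the declaration, `size_t pwlen = strlen(passwd);` (assuming passwd is never NULL, as the removed loop already did), makes the wipe cover the string on every exit path. The removed `/* security - null out passwd string once we are done with it */` comment is also worth keeping above the new call, because wiping the caller's buffer is a side effect callers need to know about.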
@@ -31,9 +31,7 @@ e_auth_begin(char *passwd)
 out:
    if (exe) ecore_exe_free(exe);
 
-   /* security - null out passwd string once we are done with it */
-   for (p = passwd; *p; p++) *p = 0;
-   if (passwd[rand() % pwlen]) fprintf(stderr, "ACK!\n");
+   e_util_memclear(passwd, pwlen);
    return ret;
 }
 
diff --git a/src/bin/e_utils.c b/src/bin/e_utils.c
index 8117e22f3..96c067989 100644
--- a/src/bin/e_utils.c
+++ b/src/bin/e_utils.c
@@ -1458,25 +1458,29 @@ e_util_evas_objects_above_print_smart(Evas_Object *o)
      }
 }
 
-/*
- * NOTICE: This function should not be used by external modules!!!
- *
- * This function is just a hack to allow us to "securely" clear sensitive
- * info until memset_s() is readily available, or at least we move this hack
- * to Eina.
- *
- * This is going to work until link time optimizations are good enough.
- * Hopefully by then, we'll be able to properly use memset_s().
- */
-static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;
+#if   defined(HAVE_MEMSET_S)
+#elif defined(HAVE_EXPLICIT_BZERO)
+#elif defined(HAVE_EXPLICIT_MEMSET)
+#else
+void *(* const volatile __memset_ptr)(void *, int, size_t) = memset;
+#endif
 
 E_API void
 e_util_memclear(void *s, size_t n)
 {
-   memset_ptr(s, 0, n);
+   if (n == 0) return;
+#if   defined(HAVE_MEMSET_S)
+   memset_s(s, n, 0, n);
+#elif defined(HAVE_EXPLICIT_BZERO)
+   explicit_bzero(s, n);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+   explicit_memset(s, 0, n);
+#else
+   __memset_ptr(s, 0, n);
+   __asm__ __volatile__("": :"r"(s) : "memory");
+#endif
 }
 
-
 E_API Ecore_Exe *
 e_util_open(const char *exe, void *data)
 {
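Review bot: The fallback pointer lost its `static` and gained a reserved name: `void *(* const volatile __memset_ptr)(void *, int, size_t)` now has external linkage, and identifiers starting with a double underscore belong to the implementation. Keeping it file-local as `static void *(* const volatile memset_ptr)(void *, int, size_t) = memset;` avoids exporting a symbol that other code could collide with or interpose. The empty `#if`/`#elif` ladder around it reads more clearly as a single `#if !defined(HAVE_MEMSET_S) && !defined(HAVE_EXPLICIT_BZERO) && !defined(HAVE_EXPLICIT_MEMSET)`. The deleted header comment was the only explanation of why a plain memset is not enough, so a short replacement above e_util_memclear, such as `/* clear sensitive memory in a way the compiler may not optimise away */`, would help.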
diff --git a/src/modules/lokker/lokker.c b/src/modules/lokker/lokker.c
index aa0e7e482..f52ceae1c 100644
--- a/src/modules/lokker/lokker.c
+++ b/src/modules/lokker/lokker.c
@@ -1,4 +1,5 @@
 #include "e_mod_main.h"
+#include <sys/mman.h>
 
 #define PASSWD_LEN                256
 
@@ -858,6 +859,9 @@ lokker_lock(void)
      }
    edd = E_NEW(Lokker_Data, 1);
    if (!edd) return EINA_FALSE;
+#ifdef HAVE_MLOCK
+   mlock(edd, sizeof(Lokker_Data));
+#endif
 
    E_LIST_FOREACH(e_comp->zones, _lokker_popup_add);
    total_zone_num = eina_list_count(e_comp->zones);
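Review bot: The `mlock` call is guarded by `HAVE_MLOCK`, but the `#include <sys/mman.h>` added at the top of the file in the previous hunk is unconditional, so a platform where the meson probe fails can still break the build on the missing header. Wrapping the include the same way, `#ifdef HAVE_MLOCK` / `#include <sys/mman.h>` / `#endif`, keeps the guard meaningful. The ignored return value is deliberate according to the commit message; a brief comment beside the call, such as `/* best effort: failure to lock is not fatal */`, would record that for the next reader. lokker_lock starts and ends outside this hunk.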
@@ -881,5 +885,8 @@ lokker_unlock(void)
    E_FREE_LIST(edd->handlers, ecore_event_handler_del);
    if (edd->move_handler) ecore_event_handler_del(edd->move_handler);
 
+#ifdef HAVE_MLOCK
+   munlock(edd, sizeof(Lokker_Data));
+#endif
    E_FREE(edd);
 }
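Review bot: Nothing in the visible lines wipes the structure before `munlock` and `E_FREE`, so once the pages are unlocked and freed, any password bytes still in `Lokker_Data` can be swapped out or linger in the heap. If the buffer is not already cleared earlier in lokker_unlock (the function starts outside this hunk), adding `e_util_memclear(edd, sizeof(Lokker_Data));` immediately before the `#ifdef HAVE_MLOCK` block closes that gap. Whether the password is stored inline in the struct or behind a pointer is not visible here; if it is a separate allocation, the `mlock` in lokker_lock does not cover it either.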

-- 

