nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-05-28 15:24:49 -05:00
Code Issues Projects Releases Wiki Activity

Add some missing smemclrs and sfrees.

Browse Source 
The absence of these could have prevented sensitive private key
information from being properly cleared out of memory that PuTTY tools
had finished with.

Thanks to Patrick Coleman for spotting this and sending a patch.
This commit is contained in:
Simon Tatham 2015-02-19 20:08:18 +00:00
parent 1f75792805
commit 65f69bca73
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
sshpubk.c
View File

@ -796,6 +796,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
goto error;
}
sfree(public_blob);
smemclr(private_blob, private_blob_len);
sfree(private_blob);
sfree(encryption);
if (errorstr)
@ -816,8 +817,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
sfree(mac);
if (public_blob)
sfree(public_blob);
if (private_blob)
sfree(private_blob);
if (private_blob) {
smemclr(private_blob, private_blob_len);
sfree(private_blob);
}
if (errorstr)
*errorstr = error;
return ret;
@ -1106,8 +1109,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
}
fp = f_open(filename, "w", TRUE);
if (!fp)
return 0;
if (!fp) {
sfree(pub_blob);
smemclr(priv_blob, priv_blob_len);
sfree(priv_blob);
smemclr(priv_blob_encrypted, priv_blob_len);
sfree(priv_blob_encrypted);
return 0;
}
fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
fprintf(fp, "Encryption: %s\n", cipherstr);
fprintf(fp, "Comment: %s\n", key->comment);
@ -1124,6 +1133,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
sfree(pub_blob);
smemclr(priv_blob, priv_blob_len);
sfree(priv_blob);
smemclr(priv_blob_encrypted, priv_blob_len);
sfree(priv_blob_encrypted);
return 1;
}