From bde7b6b158c0f69537fb0b95d2325923b180e3ba Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 1 Mar 2019 19:28:00 +0000 Subject: [PATCH] Change sensitive strbufs/sgrowarrays to the new _nm version. The _nm strategy is slower, so I don't want to just change everything over no matter what its contents. In this pass I've tried to catch everything that holds the _really_ sensitive things like passwords, private keys and session keys. --- import.c | 30 +++++++++++++++--------------- proxy.c | 2 +- sesschan.c | 2 +- sftpcommon.c | 2 +- ssh1login-server.c | 2 +- ssh1login.c | 4 ++-- ssh2kex-client.c | 2 +- ssh2transport.c | 12 ++++++------ sshcommon.c | 2 +- sshecc.c | 4 ++-- sshhmac.c | 2 +- sshpubk.c | 14 +++++++------- sshrsa.c | 4 ++-- sshshare.c | 8 ++++---- sshzlib.c | 4 ++-- telnet.c | 2 +- unix/ux_x11.c | 2 +- utils.c | 8 ++++---- 18 files changed, 53 insertions(+), 53 deletions(-) diff --git a/import.c b/import.c index 576bb315..c4410782 100644 --- a/import.c +++ b/import.c @@ -313,7 +313,7 @@ static struct openssh_pem_key *load_openssh_pem_key(const Filename *filename, int base64_chars = 0; ret = snew(struct openssh_pem_key); - ret->keyblob = strbuf_new(); + ret->keyblob = strbuf_new_nm(); fp = f_open(filename, "r", false); if (!fp) { @@ -535,7 +535,7 @@ static ssh2_userkey *openssh_pem_read( int i, num_integers; ssh2_userkey *retval = NULL; const char *errmsg; - strbuf *blob = strbuf_new(); + strbuf *blob = strbuf_new_nm(); int privptr = 0, publen; if (!key) @@ -794,11 +794,11 @@ static bool openssh_pem_write( */ pubblob = strbuf_new(); ssh_key_public_blob(key->key, BinarySink_UPCAST(pubblob)); - privblob = strbuf_new(); + privblob = strbuf_new_nm(); ssh_key_private_blob(key->key, BinarySink_UPCAST(privblob)); spareblob = NULL; - outblob = strbuf_new(); + outblob = strbuf_new_nm(); /* * Encode the OpenSSH key blob, and also decide on the header @@ -903,7 +903,7 @@ static bool openssh_pem_write( footer = "-----END DSA PRIVATE KEY-----\n"; } - seq = strbuf_new(); + seq = strbuf_new_nm(); for (i = 0; i < nnumbers; i++) { put_ber_id_len(seq, 2, numbers[i].len, 0); put_datapl(seq, numbers[i]); @@ -933,7 +933,7 @@ static bool openssh_pem_write( oid = ec_alg_oid(ssh_key_alg(key->key), &oidlen); pointlen = (ec->curve->fieldBits + 7) / 8 * 2; - seq = strbuf_new(); + seq = strbuf_new_nm(); /* INTEGER 1 */ put_ber_id_len(seq, 2, 1, 0); @@ -1102,7 +1102,7 @@ static struct openssh_new_key *load_openssh_new_key(const Filename *filename, unsigned key_index; ret = snew(struct openssh_new_key); - ret->keyblob = strbuf_new(); + ret->keyblob = strbuf_new_nm(); fp = f_open(filename, "r", false); if (!fp) { @@ -1493,13 +1493,13 @@ static bool openssh_new_write( */ pubblob = strbuf_new(); ssh_key_public_blob(key->key, BinarySink_UPCAST(pubblob)); - privblob = strbuf_new(); + privblob = strbuf_new_nm(); ssh_key_openssh_blob(key->key, BinarySink_UPCAST(privblob)); /* * Construct the cleartext version of the blob. */ - cblob = strbuf_new(); + cblob = strbuf_new_nm(); /* Magic number. */ put_asciz(cblob, "openssh-key-v1"); @@ -1516,7 +1516,7 @@ static bool openssh_new_write( random_read(bcrypt_salt, sizeof(bcrypt_salt)); put_stringz(cblob, "aes256-ctr"); put_stringz(cblob, "bcrypt"); - substr = strbuf_new(); + substr = strbuf_new_nm(); put_string(substr, bcrypt_salt, sizeof(bcrypt_salt)); put_uint32(substr, bcrypt_rounds); put_stringsb(cblob, substr); @@ -1530,7 +1530,7 @@ static bool openssh_new_write( /* Private section. */ { - strbuf *cpblob = strbuf_new(); + strbuf *cpblob = strbuf_new_nm(); /* checkint. */ uint8_t checkint_buf[4]; @@ -1718,7 +1718,7 @@ static struct sshcom_key *load_sshcom_key(const Filename *filename, ret = snew(struct sshcom_key); ret->comment[0] = '\0'; - ret->keyblob = strbuf_new(); + ret->keyblob = strbuf_new_nm(); fp = f_open(filename, "r", false); if (!fp) { @@ -2060,7 +2060,7 @@ static ssh2_userkey *sshcom_read( * construct public and private blobs in our own format, and * end up feeding them to ssh_key_new_priv(). */ - blob = strbuf_new(); + blob = strbuf_new_nm(); if (type == RSA) { ptrlen n, e, d, u, p, q; @@ -2157,7 +2157,7 @@ static bool sshcom_write( */ pubblob = strbuf_new(); ssh_key_public_blob(key->key, BinarySink_UPCAST(pubblob)); - privblob = strbuf_new(); + privblob = strbuf_new_nm(); ssh_key_private_blob(key->key, BinarySink_UPCAST(privblob)); outblob = NULL; @@ -2225,7 +2225,7 @@ static bool sshcom_write( goto error; /* unsupported key type */ } - outblob = strbuf_new(); + outblob = strbuf_new_nm(); /* * Create the unencrypted key blob. diff --git a/proxy.c b/proxy.c index 81c08e99..e9ab244d 100644 --- a/proxy.c +++ b/proxy.c @@ -1223,7 +1223,7 @@ int proxy_socks5_negotiate (ProxySocket *p, int change) const char *username = conf_get_str(p->conf, CONF_proxy_username); const char *password = conf_get_str(p->conf, CONF_proxy_password); if (username[0] || password[0]) { - strbuf *auth = strbuf_new(); + strbuf *auth = strbuf_new_nm(); put_byte(auth, 1); /* version number of subnegotiation */ if (!put_pstring(auth, username)) { p->error = "Proxy error: SOCKS 5 authentication cannot " diff --git a/sesschan.c b/sesschan.c index 4b98857b..b844e5b4 100644 --- a/sesschan.c +++ b/sesschan.c @@ -384,7 +384,7 @@ bool sesschan_enable_x11_forwarding( */ if (authdata_hex.len % 2) return false; /* expected an even number of digits */ - authdata_bin = strbuf_new(); + authdata_bin = strbuf_new_nm(); for (i = 0; i < authdata_hex.len; i += 2) { const unsigned char *hex = authdata_hex.ptr; char hexbuf[3]; diff --git a/sftpcommon.c b/sftpcommon.c index 34ba4247..4912899b 100644 --- a/sftpcommon.c +++ b/sftpcommon.c @@ -18,7 +18,7 @@ static void sftp_pkt_BinarySink_write( assert(length <= 0xFFFFFFFFU - pkt->length); - sgrowarrayn(pkt->data, pkt->maxlen, pkt->length, length); + sgrowarrayn_nm(pkt->data, pkt->maxlen, pkt->length, length); memcpy(pkt->data + pkt->length, data, length); pkt->length += length; } diff --git a/ssh1login-server.c b/ssh1login-server.c index d4920ad0..c27882d7 100644 --- a/ssh1login-server.c +++ b/ssh1login-server.c @@ -204,7 +204,7 @@ static void ssh1_login_server_process_queue(PacketProtocolLayer *ppl) { RSAKey *smaller, *larger; - strbuf *data = strbuf_new(); + strbuf *data = strbuf_new_nm(); if (mp_get_nbits(s->hostkey->modulus) > mp_get_nbits(s->servkey->modulus)) { diff --git a/ssh1login.c b/ssh1login.c index a54e000b..de220bd7 100644 --- a/ssh1login.c +++ b/ssh1login.c @@ -984,7 +984,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) put_stringz(pkt, s->cur_prompt->prompts[0]->result); pq_push(s->ppl.out_pq, pkt); } else { - strbuf *random_data = strbuf_new(); + strbuf *random_data = strbuf_new_nm(); random_read(strbuf_append(random_data, i), i); pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_MSG_IGNORE); @@ -1000,7 +1000,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) * but can deal with padded passwords, so we * can use the secondary defence. */ - strbuf *padded_pw = strbuf_new(); + strbuf *padded_pw = strbuf_new_nm(); ppl_logevent("Sending length-padded password"); pkt = ssh_bpp_new_pktout(s->ppl.bpp, s->pwpkt_type); diff --git a/ssh2kex-client.c b/ssh2kex-client.c index 4f544a66..10129a20 100644 --- a/ssh2kex-client.c +++ b/ssh2kex-client.c @@ -565,7 +565,7 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted) /* * Encode this as an mpint. */ - buf = strbuf_new(); + buf = strbuf_new_nm(); put_mp_ssh2(buf, s->K); /* diff --git a/ssh2transport.c b/ssh2transport.c index 9ab532f8..204c2440 100644 --- a/ssh2transport.c +++ b/ssh2transport.c @@ -1283,9 +1283,9 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl) * session keys. */ { - strbuf *cipher_key = strbuf_new(); - strbuf *cipher_iv = strbuf_new(); - strbuf *mac_key = strbuf_new(); + strbuf *cipher_key = strbuf_new_nm(); + strbuf *cipher_iv = strbuf_new_nm(); + strbuf *mac_key = strbuf_new_nm(); if (s->out.cipher) { ssh2_mkkey(s, cipher_iv, s->K, s->exchange_hash, @@ -1338,9 +1338,9 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl) * incoming session keys. */ { - strbuf *cipher_key = strbuf_new(); - strbuf *cipher_iv = strbuf_new(); - strbuf *mac_key = strbuf_new(); + strbuf *cipher_key = strbuf_new_nm(); + strbuf *cipher_iv = strbuf_new_nm(); + strbuf *mac_key = strbuf_new_nm(); if (s->in.cipher) { ssh2_mkkey(s, cipher_iv, s->K, s->exchange_hash, diff --git a/sshcommon.c b/sshcommon.c index e49eb0ee..cd5b839c 100644 --- a/sshcommon.c +++ b/sshcommon.c @@ -232,7 +232,7 @@ PktOut *ssh_new_packet(void) static void ssh_pkt_adddata(PktOut *pkt, const void *data, int len) { - sgrowarrayn(pkt->data, pkt->maxlen, pkt->length, len); + sgrowarrayn_nm(pkt->data, pkt->maxlen, pkt->length, len); memcpy(pkt->data + pkt->length, data, len); pkt->length += len; } diff --git a/sshecc.c b/sshecc.c index 6cefde41..f3eddc64 100644 --- a/sshecc.c +++ b/sshecc.c @@ -770,7 +770,7 @@ static void eddsa_openssh_blob(ssh_key *key, BinarySink *bs) put_epoint(pub_sb, ek->publicKey, ek->curve, false); ptrlen pub = make_ptrlen(pub_sb->s + 4, pub_sb->len - 4); - strbuf *priv_sb = strbuf_new(); + strbuf *priv_sb = strbuf_new_nm(); put_mp_le_unsigned(priv_sb, ek->privateKey); ptrlen priv = make_ptrlen(priv_sb->s + 4, priv_sb->len - 4); @@ -1279,7 +1279,7 @@ static void ssh_ecdhkex_w_setup(ecdh_key *dh) static void ssh_ecdhkex_m_setup(ecdh_key *dh) { - strbuf *bytes = strbuf_new(); + strbuf *bytes = strbuf_new_nm(); random_read(strbuf_append(bytes, dh->curve->fieldBytes), dh->curve->fieldBytes); diff --git a/sshhmac.c b/sshhmac.c index 13c18e4a..232d7680 100644 --- a/sshhmac.c +++ b/sshhmac.c @@ -110,7 +110,7 @@ static void hmac_key(ssh2_mac *mac, ptrlen key) * the underlying hash, then we start by hashing the key, and * use that hash as the 'true' key for the HMAC construction. */ - sb = strbuf_new(); + sb = strbuf_new_nm(); strbuf_append(sb, ctx->hashalg->hlen); ssh_hash *htmp = ssh_hash_new(ctx->hashalg); diff --git a/sshpubk.c b/sshpubk.c index 2102426e..fc999eb9 100644 --- a/sshpubk.c +++ b/sshpubk.c @@ -37,7 +37,7 @@ static int rsa_ssh1_load_main(FILE * fp, RSAKey *key, bool pub_only, *error = NULL; /* Slurp the whole file (minus the header) into a buffer. */ - buf = strbuf_new(); + buf = strbuf_new_nm(); { int ch; while ((ch = fgetc(fp)) != EOF) @@ -310,7 +310,7 @@ int rsa_ssh1_loadpub(const Filename *filename, BinarySink *bs, bool rsa_ssh1_savekey(const Filename *filename, RSAKey *key, char *passphrase) { - strbuf *buf = strbuf_new(); + strbuf *buf = strbuf_new_nm(); int estart; FILE *fp; @@ -490,7 +490,7 @@ static bool read_header(FILE * fp, char *header) static char *read_body(FILE * fp) { - strbuf *buf = strbuf_new(); + strbuf *buf = strbuf_new_nm(); while (1) { int c = fgetc(fp); @@ -678,7 +678,7 @@ ssh2_userkey *ssh2_load_userkey( goto error; i = atoi(b); sfree(b); - private_blob = strbuf_new(); + private_blob = strbuf_new_nm(); if (!read_blob(fp, i, BinarySink_UPCAST(private_blob))) goto error; @@ -728,7 +728,7 @@ ssh2_userkey *ssh2_load_userkey( macdata = private_blob; free_macdata = false; } else { - macdata = strbuf_new(); + macdata = strbuf_new_nm(); put_stringz(macdata, alg->ssh_id); put_stringz(macdata, encryption); put_stringz(macdata, comment); @@ -1236,7 +1236,7 @@ bool ssh2_save_userkey( */ pub_blob = strbuf_new(); ssh_key_public_blob(key->key, BinarySink_UPCAST(pub_blob)); - priv_blob = strbuf_new(); + priv_blob = strbuf_new_nm(); ssh_key_private_blob(key->key, BinarySink_UPCAST(priv_blob)); /* @@ -1267,7 +1267,7 @@ bool ssh2_save_userkey( unsigned char mackey[20]; char header[] = "putty-private-key-file-mac-key"; - macdata = strbuf_new(); + macdata = strbuf_new_nm(); put_stringz(macdata, ssh_key_ssh_id(key->key)); put_stringz(macdata, cipherstr); put_stringz(macdata, key->comment); diff --git a/sshrsa.c b/sshrsa.c index 310a92e5..1fd5fb25 100644 --- a/sshrsa.c +++ b/sshrsa.c @@ -197,7 +197,7 @@ mp_int *rsa_ssh1_decrypt(mp_int *input, RSAKey *key) bool rsa_ssh1_decrypt_pkcs1(mp_int *input, RSAKey *key, strbuf *outbuf) { - strbuf *data = strbuf_new(); + strbuf *data = strbuf_new_nm(); bool success = false; BinarySource src[1]; @@ -872,7 +872,7 @@ strbuf *ssh_rsakex_encrypt(RSAKey *rsa, const ssh_hashalg *h, ptrlen in) assert(in.len > 0 && in.len <= k - 2*HLEN - 2); /* The length of the output data wants to be precisely k. */ - strbuf *toret = strbuf_new(); + strbuf *toret = strbuf_new_nm(); int outlen = k; unsigned char *out = strbuf_append(toret, outlen); diff --git a/sshshare.c b/sshshare.c index 2e2cf367..d2553e40 100644 --- a/sshshare.c +++ b/sshshare.c @@ -769,7 +769,7 @@ static void send_packet_to_downstream(struct ssh_sharing_connstate *cs, int this_len = (data.len > chan->downstream_maxpkt ? chan->downstream_maxpkt : data.len); - packet = strbuf_new(); + packet = strbuf_new_nm(); put_uint32(packet, 0); /* placeholder for length field */ put_byte(packet, type); put_uint32(packet, channel); @@ -785,7 +785,7 @@ static void send_packet_to_downstream(struct ssh_sharing_connstate *cs, /* * Just do the obvious thing. */ - packet = strbuf_new(); + packet = strbuf_new_nm(); put_uint32(packet, 0); /* placeholder for length field */ put_byte(packet, type); put_data(packet, pkt, pktlen); @@ -1122,7 +1122,7 @@ void share_setup_x11_channel(ssh_sharing_connstate *cs, share_channel *chan, chan->x11_auth_proto, chan->x11_auth_data, chan->x11_auth_datalen, peer_addr, peer_port, &greeting_len); - packet = strbuf_new(); + packet = strbuf_new_nm(); put_uint32(packet, 0); /* leave the channel id field unfilled - we * don't know the downstream id yet */ put_uint32(packet, greeting_len + initial_len); @@ -1691,7 +1691,7 @@ static void share_got_pkt_from_downstream(struct ssh_sharing_connstate *cs, * containing our own auth data, and send that to the * server. */ - packet = strbuf_new(); + packet = strbuf_new_nm(); put_uint32(packet, server_id); put_stringz(packet, "x11-req"); put_bool(packet, want_reply); diff --git a/sshzlib.c b/sshzlib.c index 480b9972..413a7353 100644 --- a/sshzlib.c +++ b/sshzlib.c @@ -615,7 +615,7 @@ void zlib_compress_block(ssh_compressor *sc, bool in_block; assert(!out->outbuf); - out->outbuf = strbuf_new(); + out->outbuf = strbuf_new_nm(); /* * If this is the first block, output the Zlib (RFC1950) header @@ -955,7 +955,7 @@ bool zlib_decompress_block(ssh_decompressor *dc, }; assert(!dctx->outblk); - dctx->outblk = strbuf_new(); + dctx->outblk = strbuf_new_nm(); while (len > 0 || dctx->nbits > 0) { while (dctx->nbits < 24 && len > 0) { diff --git a/telnet.c b/telnet.c index 74f36999..a773498b 100644 --- a/telnet.c +++ b/telnet.c @@ -506,7 +506,7 @@ static void process_subneg(Telnet *telnet) static void do_telnet_read(Telnet *telnet, const char *buf, size_t len) { - strbuf *outbuf = strbuf_new(); + strbuf *outbuf = strbuf_new_nm(); while (len--) { int c = (unsigned char) *buf++; diff --git a/unix/ux_x11.c b/unix/ux_x11.c index e5b0f73c..2bf756cc 100644 --- a/unix/ux_x11.c +++ b/unix/ux_x11.c @@ -58,7 +58,7 @@ int platform_make_x11_server(Plug *plug, const char *progname, int mindisp, int displayno; - authfiledata = strbuf_new(); + authfiledata = strbuf_new_nm(); int nsockets = 0; diff --git a/utils.c b/utils.c index 283702d8..f4ce54a9 100644 --- a/utils.c +++ b/utils.c @@ -343,7 +343,7 @@ static char *dupvprintf_inner(char *buf, size_t oldlen, size_t *sizeptr, size_t len, size; size = *sizeptr; - sgrowarrayn(buf, size, oldlen, 512); + sgrowarrayn_nm(buf, size, oldlen, 512); while (1) { va_list aq; @@ -359,11 +359,11 @@ static char *dupvprintf_inner(char *buf, size_t oldlen, size_t *sizeptr, } else if (len > 0) { /* This is the C99 error condition: the returned length is * the required buffer size not counting the NUL. */ - sgrowarrayn(buf, size, oldlen, len + 1); + sgrowarrayn_nm(buf, size, oldlen, len + 1); } else { /* This is the pre-C99 glibc error condition: <0 means the * buffer wasn't big enough, so we enlarge it a bit and hope. */ - sgrowarray(buf, size, size); + sgrowarray_nm(buf, size, size); } } } @@ -483,7 +483,7 @@ char *fgetline(FILE *fp) len += strlen(ret + len); if (len > 0 && ret[len-1] == '\n') break; /* got a newline, we're done */ - sgrowarrayn(ret, size, len, 512); + sgrowarrayn_nm(ret, size, len, 512); } if (len == 0) { /* first fgets returned NULL */ sfree(ret);