Commit d711c091 authored by Tomáš Stefan's avatar Tomáš Stefan

zeroize data before free

parent 6d65ff50
......@@ -39,7 +39,7 @@ typedef struct {
*/
typedef struct {
char *contents_hex;
size_t capacity;
size_t size;
} contents_t;
/** @brief Type for storing a certificate in hexadecimal and X.509 form + pointer
......
#include <stdlib.h>
#include <types.h>
#include <string.h>
#include "auxiliary.h"
#include "cert.h"
#include "config.h"
......@@ -136,12 +137,16 @@ void cert_free(cert_t *cert)
cert_free(cert->next);
if (cert->cert_hex != NULL)
if (cert->cert_hex != NULL) {
sigil_zeroize(cert->cert_hex,
sizeof(*cert->cert_hex) * strlen(cert->cert_hex));
free(cert->cert_hex);
}
if (cert->x509 != NULL)
X509_free(cert->x509);
sigil_zeroize(cert, sizeof(*cert));
free(cert);
}
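Review bot: In cert_free the wipe length for `cert->cert_hex` comes from `strlen(cert->cert_hex)`, so only the bytes before the first NUL are cleared and the call depends on the buffer being NUL-terminated; anything stored past an early terminator stays in the freed block. If the allocation size is known where cert_hex is allocated (not visible here), keep it in cert_t and zeroize that many bytes instead. Separately, every `sigil_zeroize` added in this commit is immediately followed by `free`, which a compiler may drop as a dead store if the helper is a plain `memset`; its definition is not on this page, so confirm it is built on `explicit_bzero`, `memset_s` or a volatile write loop. The same applies to the calls added in contents_free, range_free, sigil_free, free_xref_entry and xref_free.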
......
#include <stdlib.h>
#include <types.h>
#include <string.h>
#include "auxiliary.h"
#include "config.h"
#include "constants.h"
......@@ -41,7 +42,7 @@ sigil_err_t parse_contents(sigil_t *sgl)
sigil_zeroize(*data, sizeof(**data) * CONTENTS_PREALLOCATION);
sgl->contents->capacity = CONTENTS_PREALLOCATION;
sgl->contents->size = CONTENTS_PREALLOCATION;
position = 0;
......@@ -50,15 +51,15 @@ sigil_err_t parse_contents(sigil_t *sgl)
return err;
// not enough space, allocate double
if (position >= sgl->contents->capacity) {
*data = realloc(*data, sizeof(**data) * sgl->contents->capacity * 2);
if (position >= sgl->contents->size) {
*data = realloc(*data, sizeof(**data) * sgl->contents->size * 2);
if (*data == NULL)
return ERR_ALLOCATION;
sigil_zeroize(*data + sgl->contents->capacity,
sizeof(**data) * sgl->contents->capacity);
sigil_zeroize(*data + sgl->contents->size,
sizeof(**data) * sgl->contents->size);
sgl->contents->capacity *= 2;
sgl->contents->size *= 2;
}
if (c == '>') {
......@@ -77,9 +78,13 @@ void contents_free(sigil_t *sgl)
if (sgl == NULL || sgl->contents == NULL)
return;
if (sgl->contents->contents_hex != NULL)
if (sgl->contents->contents_hex != NULL) {
sigil_zeroize(sgl->contents->contents_hex,
sizeof(*sgl->contents->contents_hex) * sgl->contents->size);
free(sgl->contents->contents_hex);
}
sigil_zeroize(sgl->contents, sizeof(*sgl->contents));
free(sgl->contents);
sgl->contents = NULL;
}
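Review bot: The growth path in parse_contents still calls `realloc` on a buffer that this commit otherwise treats as sensitive. When realloc moves the block, the old copy is released without being wiped, and on failure `*data` is overwritten with NULL, so contents_free can no longer zeroize or free the original buffer. Allocating the larger block, copying, wiping the old block and only then freeing it keeps the zeroize-before-free guarantee; the doubling of `sgl->contents->size` would also benefit from an overflow check. The function body starts and ends outside this hunk, and the sketch below assumes `*data` refers to the same buffer as `sgl->contents->contents_hex`.

```c
// … unchanged: read next character, error return …
// not enough space, allocate double
if (position >= sgl->contents->size) {
    size_t old_bytes = sizeof(**data) * sgl->contents->size;
    void *grown = malloc(old_bytes * 2);
    if (grown == NULL)
        return ERR_ALLOCATION;   // *data stays valid for contents_free
    memcpy(grown, *data, old_bytes);
    sigil_zeroize((char *)grown + old_bytes, old_bytes);
    sigil_zeroize(*data, old_bytes);   // wipe the old copy before releasing it
    free(*data);
    *data = grown;
    sgl->contents->size *= 2;
}
// … unchanged: handling of '>' and the rest of the loop …
```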
......
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <types.h>
#include "acroform.h"
#include "auxiliary.h"
#include "catalog.h"
......@@ -27,7 +28,7 @@ sigil_err_t sigil_init(sigil_t **sgl)
if (*sgl == NULL)
return ERR_ALLOCATION;
sigil_zeroize(*sgl, sizeof(*sgl));
sigil_zeroize(*sgl, sizeof(**sgl));
// set default values
(*sgl)->pdf_data.file = NULL;
......@@ -453,7 +454,7 @@ static void range_free(range_t *range)
return;
range_free(range->next);
sigil_zeroize(range, sizeof(*range));
free(range);
}
......@@ -467,6 +468,7 @@ void sigil_free(sigil_t **sgl)
(*sgl)->pdf_data.deallocation_info ^= DEALLOCATE_FILE;
}
if ((*sgl)->pdf_data.deallocation_info & DEALLOCATE_BUFFER) {
sigil_zeroize((*sgl)->pdf_data.buffer, (*sgl)->pdf_data.size);
free((*sgl)->pdf_data.buffer);
(*sgl)->pdf_data.deallocation_info ^= DEALLOCATE_BUFFER;
}
......@@ -474,16 +476,20 @@ void sigil_free(sigil_t **sgl)
if ((*sgl)->xref != NULL)
xref_free((*sgl)->xref);
if ((*sgl)->fields.capacity > 0) {
for (size_t i = 0; i < (*sgl)->fields.capacity; i++) {
if ((*sgl)->fields.entry[i] != NULL) {
sigil_zeroize((*sgl)->fields.entry[i],
sizeof(*(*sgl)->fields.entry[i]));
free((*sgl)->fields.entry[i]);
}
}
if ((*sgl)->fields.entry != NULL)
if ((*sgl)->fields.entry != NULL) {
sigil_zeroize((*sgl)->fields.entry,
sizeof(*(*sgl)->fields.entry) * (*sgl)->fields.capacity);
free((*sgl)->fields.entry);
}
}
if ((*sgl)->byte_range != NULL)
......@@ -507,6 +513,7 @@ void sigil_free(sigil_t **sgl)
if ((*sgl)->trusted_store != NULL)
X509_STORE_free((*sgl)->trusted_store);
sigil_zeroize(*sgl, sizeof(**sgl));
free(*sgl);
*sgl = NULL;
}
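Review bot: In sigil_free the loop reads `(*sgl)->fields.entry[i]` for every index below `fields.capacity` before `fields.entry` itself is compared with NULL, so the later `!= NULL` check is either redundant or comes too late. Guard the whole block with the pointer check instead, e.g. `if ((*sgl)->fields.entry != NULL) {` around both the loop and the array wipe. Note also that `sizeof(*(*sgl)->fields.entry[i])` clears only the entry struct itself; if entries own further allocations (not visible here), those are not wiped. The body of sigil_free extends beyond the hunks shown.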
......
......@@ -75,6 +75,7 @@ static void free_xref_entry(xref_entry_t *entry)
{
if (entry != NULL) {
free_xref_entry(entry->next);
sigil_zeroize(entry, sizeof(*entry));
free(entry);
}
}
......@@ -111,6 +112,7 @@ void xref_free(xref_t *xref)
free(xref->entry);
}
sigil_zeroize(xref, sizeof(*xref));
free(xref);
}
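Review bot: xref_free now wipes the `xref_t` header and free_xref_entry wipes each list node, but the `free(xref->entry);` just above the added line releases the entry array without a matching `sigil_zeroize`, unlike `fields.entry` in sigil_free. If the array length is stored in xref_t (the field is not visible in this hunk), add `sigil_zeroize(xref->entry, sizeof(*xref->entry) * <array length field>);` before that free. The beginning of xref_free lies outside the hunk.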
......