zeroize data before free

d711c091 · Tomáš Stefan · 6d65ff50 · d711c091 · d711c091 · d711c091
Commit d711c091 authored May 07, 2018 by Tomáš Stefan
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 13 deletions

include/types.h include/types.h +1 -1

lib/cert.c lib/cert.c +6 -1

lib/contents.c lib/contents.c +12 -7

lib/sigil.c lib/sigil.c +11 -4

lib/xref.c lib/xref.c +2 -0

No files found.
--- a/include/types.h
+++ b/include/types.h
@@ -39,7 +39,7 @@ typedef struct {
 */
 typedef struct {
    char  *contents_hex;
-    size_t capacity;
+    size_t size;
 } contents_t;

 /** @brief Type for storing a certificate in hexadecimal and X.509 form + pointer

--- a/lib/cert.c
+++ b/lib/cert.c
 #include <stdlib.h>
 #include <types.h>
+#include <string.h>
 #include "auxiliary.h"
 #include "cert.h"
 #include "config.h"
@@ -136,12 +137,16 @@ void cert_free(cert_t *cert)

    cert_free(cert->next);

-    if (cert->cert_hex != NULL)
+    if (cert->cert_hex != NULL) {
+        sigil_zeroize(cert->cert_hex,
+                      sizeof(*cert->cert_hex) * strlen(cert->cert_hex));
        free(cert->cert_hex);
+    }

    if (cert->x509 != NULL)
        X509_free(cert->x509);

+    sigil_zeroize(cert, sizeof(*cert));
    free(cert);
 }


--- a/lib/contents.c
+++ b/lib/contents.c
 #include <stdlib.h>
 #include <types.h>
+#include <string.h>
 #include "auxiliary.h"
 #include "config.h"
 #include "constants.h"
@@ -41,7 +42,7 @@ sigil_err_t parse_contents(sigil_t *sgl)

    sigil_zeroize(*data, sizeof(**data) * CONTENTS_PREALLOCATION);

-    sgl->contents->capacity = CONTENTS_PREALLOCATION;
+    sgl->contents->size = CONTENTS_PREALLOCATION;

    position = 0;

@@ -50,15 +51,15 @@ sigil_err_t parse_contents(sigil_t *sgl)
            return err;

        // not enough space, allocate double
-        if (position >= sgl->contents->capacity) {
-            *data = realloc(*data, sizeof(**data) * sgl->contents->capacity * 2);
+        if (position >= sgl->contents->size) {
+            *data = realloc(*data, sizeof(**data) * sgl->contents->size * 2);
            if (*data == NULL)
                return ERR_ALLOCATION;

-            sigil_zeroize(*data + sgl->contents->capacity,
-                          sizeof(**data) * sgl->contents->capacity);
+            sigil_zeroize(*data + sgl->contents->size,
+                          sizeof(**data) * sgl->contents->size);

-            sgl->contents->capacity *= 2;
+            sgl->contents->size *= 2;
        }

        if (c == '>') {
@@ -77,9 +78,13 @@ void contents_free(sigil_t *sgl)
    if (sgl == NULL || sgl->contents == NULL)
        return;

-    if (sgl->contents->contents_hex != NULL)
+    if (sgl->contents->contents_hex != NULL) {
+        sigil_zeroize(sgl->contents->contents_hex,
+                      sizeof(*sgl->contents->contents_hex) * sgl->contents->size);
        free(sgl->contents->contents_hex);
+    }

+    sigil_zeroize(sgl->contents, sizeof(*sgl->contents));
    free(sgl->contents);
    sgl->contents = NULL;
 }

--- a/lib/sigil.c
+++ b/lib/sigil.c
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <types.h>
 #include "acroform.h"
 #include "auxiliary.h"
 #include "catalog.h"
@@ -27,7 +28,7 @@ sigil_err_t sigil_init(sigil_t **sgl)
    if (*sgl == NULL)
        return ERR_ALLOCATION;

-    sigil_zeroize(*sgl, sizeof(*sgl));
+    sigil_zeroize(*sgl, sizeof(**sgl));

    // set default values
    (*sgl)->pdf_data.file                   = NULL;
@@ -453,7 +454,7 @@ static void range_free(range_t *range)
        return;

    range_free(range->next);
-
+    sigil_zeroize(range, sizeof(*range));
    free(range);
 }

@@ -467,6 +468,7 @@ void sigil_free(sigil_t **sgl)
        (*sgl)->pdf_data.deallocation_info ^= DEALLOCATE_FILE;
    }
    if ((*sgl)->pdf_data.deallocation_info & DEALLOCATE_BUFFER) {
+        sigil_zeroize((*sgl)->pdf_data.buffer, (*sgl)->pdf_data.size);
        free((*sgl)->pdf_data.buffer);
        (*sgl)->pdf_data.deallocation_info ^= DEALLOCATE_BUFFER;
    }
@@ -474,16 +476,20 @@ void sigil_free(sigil_t **sgl)
    if ((*sgl)->xref != NULL)
        xref_free((*sgl)->xref);

-
    if ((*sgl)->fields.capacity > 0) {
        for (size_t i = 0; i < (*sgl)->fields.capacity; i++) {
            if ((*sgl)->fields.entry[i] != NULL) {
+                sigil_zeroize((*sgl)->fields.entry[i],
+                              sizeof(*(*sgl)->fields.entry[i]));
                free((*sgl)->fields.entry[i]);
            }
        }

-        if ((*sgl)->fields.entry != NULL)
+        if ((*sgl)->fields.entry != NULL) {
+            sigil_zeroize((*sgl)->fields.entry,
+                          sizeof(*(*sgl)->fields.entry) * (*sgl)->fields.capacity);
            free((*sgl)->fields.entry);
+        }
    }

    if ((*sgl)->byte_range != NULL)
@@ -507,6 +513,7 @@ void sigil_free(sigil_t **sgl)
    if ((*sgl)->trusted_store != NULL)
        X509_STORE_free((*sgl)->trusted_store);

+    sigil_zeroize(*sgl, sizeof(**sgl));
    free(*sgl);
    *sgl = NULL;
 }

--- a/lib/xref.c
+++ b/lib/xref.c
@@ -75,6 +75,7 @@ static void free_xref_entry(xref_entry_t *entry)
 {
    if (entry != NULL) {
        free_xref_entry(entry->next);
+        sigil_zeroize(entry, sizeof(*entry));
        free(entry);
    }
 }
@@ -111,6 +112,7 @@ void xref_free(xref_t *xref)
        free(xref->entry);
    }

+    sigil_zeroize(xref, sizeof(*xref));
    free(xref);
 }