author | Christian Göttsche <cgzones@googlemail.com> | 2023-01-30 17:53:24 +0100 |
---|---|---|
committer | Christian Göttsche <cgzones@googlemail.com> | 2023-02-28 15:11:18 +0100 |
commit | 19a29268178951988eca29a7830f24bfef300c3c (patch) | |
tree | 23024993a88582f13a3d63a60446c6ab4207b12e /libpam/include/security/_pam_macros.h | |
parent | bde2277d2aa1cd9d4a14a1a1f89241d5e86b0bad (diff) | |
libpam: introduce secure memory erasure helpers
Prevent compiler optimizations from eliding the memory erasure by using a
secure method: either memset_explicit() [C23], explicit_bzero() [glibc
2.25] or a manual memory barrier.
Since the current helpers _pam_overwrite*() and _pam_drop_reply() are
publicly exported, create new ones in "pam_inline.h" and deprecate the
old ones.
Diffstat (limited to 'libpam/include/security/_pam_macros.h')
-rw-r--r-- | libpam/include/security/_pam_macros.h | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h
index e891e226..b5129d2a 100644
--- a/libpam/include/security/_pam_macros.h
+++ b/libpam/include/security/_pam_macros.h
@@ -7,6 +7,8 @@
 * Organized by Cristian Gafton <gafton@redhat.com>
 */
+#include "_pam_types.h"
+
 /* a 'safe' version of strdup */
 #include <stdlib.h>
@@ -14,20 +16,22 @@
 #define x_strdup(s) ( (s) ? strdup(s):NULL )
-/* Good policy to strike out passwords with some characters not just
- free the memory */
+/*
+ * WARNING: Do NOT use these overwrite macros, as they do not reliable
+ * override the memory.
+ */
-#define _pam_overwrite(x) \
-do { \
- register char *__xx__; \
- if ((__xx__=(x))) \
- while (*__xx__) \
- *__xx__++ = '\0'; \
+#define _pam_overwrite(x) \
+do { \
+ PAM_DEPRECATED register char *__xx__; \
+ if ((__xx__=(x))) \
+ while (*__xx__) \
+ *__xx__++ = '\0'; \
 } while (0)
 #define _pam_overwrite_n(x,n) \
 do { \
- register char *__xx__; \
+ PAM_DEPRECATED register char *__xx__; \
 register unsigned int __i__ = 0; \
 if ((__xx__=(x))) \
 for (;__i__<n; __i__++) \
@@ -46,9 +50,13 @@ do { \
 } \
 } while (0)
+/*
+ * WARNING: Do NOT use this macro, as it does not reliable override the memory.
+ */
+
 #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
 do { \
- int reply_i; \
+ PAM_DEPRECATED int reply_i; \
 \
 for (reply_i=0; reply_i<replies; ++reply_i) { \
 if (reply[reply_i].resp) { \ |
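Review bot: The two overwrite macros in the second hunk still clear the buffer with plain stores (`*__xx__++ = '\0'`), so code that keeps compiling against this public header gets a deprecation warning at most, while the optimizer stays free to drop the wipe as a dead store ahead of a `free()`. Because the macros remain exported, qualifying the pointer would make the erasure stick for existing callers too: `PAM_DEPRECATED register volatile char *__xx__; \` in both `_pam_overwrite` and `_pam_overwrite_n`. Whether the warning fires at all depends on how `PAM_DEPRECATED` is defined, which is not visible here; if it expands to nothing on some compilers, those builds get neither the warning nor a reliable wipe. The body of `_pam_overwrite_n` continues past the end of the hunk.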
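Review bot: The new comment above `_pam_drop_reply` in the third hunk tells callers what not to use, but not why or what to call instead; the comment on the overwrite macros in the previous hunk has the same gap. I would word it as `/* WARNING: deprecated. The compiler may optimize the clearing stores away, leaving the secret in memory after free(); erase with explicit_bzero() or memset_explicit() before freeing. */`, which also fixes "does not reliable override" (it should read "reliably overwrite"). The commit message places the replacement helpers in pam_inline.h; if that header is not installed alongside this one, external modules need the comment to point at something they can actually call. The macro body continues outside the hunk.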