Use explicit_bzero() when cleaning values out of the kernel environment.

Sometimes the values contain geli passphrases being communicated from
loader(8) to the kernel, and some day the compiler may decide to start
eliding calls to memset() for a pointer which is not dereferenced again
before being passed to free().
This commit is contained in:
Ian Lepore 2018-04-10 22:57:56 +00:00
parent 04457342a3
commit 97603f1da2


@ -289,7 +289,7 @@ init_dynamic_kenv(void *data __unused)
if (i < KENV_SIZE) {
kenvp[i] = malloc(len, M_KENV, M_WAITOK);
strcpy(kenvp[i++], cp);
memset(cp, 0, strlen(cp));
explicit_bzero(cp, strlen(cp));
} else
printf(
"WARNING: too many kenv strings, ignoring %s\n",
@ -308,7 +308,7 @@ freeenv(char *env)
{
if (dynamic_kenv && env != NULL) {
memset(env, 0, strlen(env));
explicit_bzero(env, strlen(env));
free(env, M_KENV);
}
}
@ -486,7 +486,7 @@ kern_unsetenv(const char *name)
kenvp[i++] = kenvp[j];
kenvp[i] = NULL;
mtx_unlock(&kenv_lock);
memset(oldenv, 0, strlen(oldenv));
explicit_bzero(oldenv, strlen(oldenv));
free(oldenv, M_KENV);
return (0);
}
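Review bot: `explicit_bzero(env, strlen(env))` in freeenv, like the matching calls in init_dynamic_kenv and kern_unsetenv, wipes only up to the first NUL, so if any of these buffers is allocated larger than strlen+1 — `len` for `malloc(len, M_KENV, M_WAITOK)` is computed outside the hunk, and the allocation size of entries created elsewhere is not visible here — any bytes past the terminator survive into free(). If every allocation is exactly strlen+1, which I cannot confirm from the hunk, the change is fine as written; otherwise clearing the allocation length rather than the string length would be the safer form. The reason for the wipe currently lives only in the commit message, so a one-line comment at the freeenv call site such as `/* Wipe before free: kenv values may hold loader-supplied geli passphrases. */` would keep the intent with the code. The three sites repeat the same zero-then-free pair, and a small static helper around it would keep them from drifting apart. init_dynamic_kenv and kern_unsetenv both begin outside their hunks.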