admin/libiscsi
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

INIT zero out sensitive data before its freed

Browse Source 
The iscsi_url and iscsi_context might contain clear text
login credentials for an iscsi target. As Linux zeroes
on allocate this data might remain in memory for a long
time.
This commit is contained in:
Peter Lieven
2012-11-03 02:12:46 +01:00
parent 871c56ce7a
commit a6caad107c
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/connect.c
View File

@@ -331,6 +331,7 @@ try_again:
iscsi->frees+=old_iscsi->frees; iscsi->frees+=old_iscsi->frees;
memcpy(old_iscsi, iscsi, sizeof(struct iscsi_context)); memcpy(old_iscsi, iscsi, sizeof(struct iscsi_context));
memset(iscsi, 0, sizeof(struct iscsi_context));
free(iscsi); free(iscsi);
old_iscsi->is_reconnecting = 0; old_iscsi->is_reconnecting = 0;

5
lib/init.c
View File

@@ -267,6 +267,7 @@ iscsi_destroy_context(struct iscsi_context *iscsi)
DPRINTF(iscsi,5,"memory is clean at iscsi_destroy_context() after %d mallocs and %d frees",iscsi->mallocs,iscsi->frees); DPRINTF(iscsi,5,"memory is clean at iscsi_destroy_context() after %d mallocs and %d frees",iscsi->mallocs,iscsi->frees);
} }
memset(iscsi, 0, sizeof(struct iscsi_context));
free(iscsi); free(iscsi);
return 0; return 0;
@@ -465,7 +466,9 @@ iscsi_parse_portal_url(struct iscsi_context *iscsi, const char *url)
void void
iscsi_destroy_url(struct iscsi_url *iscsi_url) iscsi_destroy_url(struct iscsi_url *iscsi_url)
{ {
if (iscsi_url->iscsi != NULL) struct iscsi_context *iscsi = iscsi_url->iscsi;
memset(iscsi_url, 0, sizeof(struct iscsi_url));
if (iscsi != NULL)
iscsi_free(iscsi_url->iscsi, iscsi_url); iscsi_free(iscsi_url->iscsi, iscsi_url);
else else
free(iscsi_url); free(iscsi_url);