Leave fewer copies of proxy password around in memory
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 23, 2014
1 parent 1a0566f commit 9f89f84
Showing 3 changed files with 10 additions and 0 deletions.
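--- a/digest.c
+++ b/digest.c
@@ -184,6 +184,11 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *h
 if (buf_error(cnonce))
 goto err;
 
+/*
+* According to RFC2617 §3.2.2.2:
+* A1 = unq(username-value) ":" unq(realm-value) ":" passwd
+* So the username is escaped, while the password isn't.
+*/
 a1 = buf_alloc();
 buf_append_unq(a1, vpninfo->proxy_user);
 buf_append(a1, ":%s:%s", realm->data, vpninfo->proxy_pass);
@@ -234,6 +239,8 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *h
 vpn_progress(vpninfo, PRG_INFO,
 _("Attempting Digest authentication to proxy\n"));
 err:
+if (a1 && a1->data)
+memset(a1->data, 0, a1->pos);
 buf_free(a1);
 buf_free(a2);
 buf_free(kd);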
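Review bot: The wipe added at `err:` is a plain `memset()` placed directly before `buf_free(a1)`, and a compiler may drop it as a dead store once it can see that the memory is freed afterwards (for example with inlining or LTO). The same applies to the `memset()` added in http.c and, most of all, to the one in ntlm.c, which clears what looks like a local array just before the function returns. A wipe the optimiser cannot elide would make the intent hold at every optimisation level: `explicit_bzero(a1->data, a1->pos);` where the platform provides it, or a small helper that writes through a `volatile` pointer elsewhere. Separately, `a1->pos` covers only the buffer's current allocation; if `buf_append()` grows the buffer by reallocating (not visible here), an earlier partial copy of A1 could remain in freed heap memory. The body of `digest_authorization` starts and ends outside these hunks.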
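--- a/http.c
+++ b/http.c
@@ -1670,6 +1670,7 @@ static int basic_authorization(struct openconnect_info *vpninfo, struct oc_text_
 buf_append_base64(hdrbuf, text->data, text->pos);
 buf_append(hdrbuf, "\r\n");
 
+memset(text->data, 0, text->pos);
 buf_free(text);
 
 vpn_progress(vpninfo, PRG_INFO, _("Attempting HTTP Basic authentication to proxy\n"));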
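Review bot: `hdrbuf` still carries the credential after this wipe, because `buf_append_base64(hdrbuf, text->data, text->pos)` two lines above the new `memset()` copies the contents of `text` into the header buffer in a trivially reversible encoding. Clearing `text` therefore removes only one of the copies this function creates; the code that eventually frees `hdrbuf` (outside this hunk) should zero it before release as well. The new line also dereferences `text->data` without the guard the digest.c change uses; unless an earlier error check outside the hunk already rules out a NULL data pointer, `if (text->data) memset(text->data, 0, text->pos);` would keep the two wipes consistent.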
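--- a/ntlm.c
+++ b/ntlm.c
@@ -656,6 +656,8 @@ static void ntlm_lanmanager_hash (const char *password, char hash[21])
 
 setup_schedule (lm_password + 7, ks);
 des (ks, (unsigned char *) hash + 8);
+
+memset(lm_password, 0, sizeof(lm_password));
 }
 
 static void ntlm_nt_hash (struct oc_text_buf *pass, char hash[21])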
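Review bot: The DES key schedule `ks` is left intact when `ntlm_lanmanager_hash` returns, although `setup_schedule (lm_password + 7, ks);` derives it directly from the password bytes, so clearing only `lm_password` leaves password-equivalent material behind. If `ks` is a local like `lm_password` appears to be (both declarations are above the hunk), it should be wiped next to the new line, and with a primitive the compiler cannot remove as a dead store before the return. A short comment such as `/* lm_password and ks both hold key material derived from the password */` above the wipes would record why both are cleared.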
