From e693a9323599ed6675ea598000362a9671214147 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 5 Jul 2019 11:29:10 +0200 Subject: Use _cleanup(free_and_erasep) where appropriate Replaces #12959. --- src/network/netdev/macsec.c | 21 ++++++++---------- src/network/netdev/wireguard.c | 20 ++++++----------- src/reply-password/reply-password.c | 4 +--- src/shared/ask-password-api.c | 25 ++++++++++------------ .../tty-ask-password-agent.c | 22 ++++++------------- 5 files changed, 34 insertions(+), 58 deletions(-) diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c index a4967e817b..cf281e75a6 100644 --- a/src/network/netdev/macsec.c +++ b/src/network/netdev/macsec.c @@ -718,7 +718,7 @@ int config_parse_macsec_key( _cleanup_(macsec_transmit_association_free_or_set_invalidp) TransmitAssociation *a = NULL; _cleanup_(macsec_receive_association_free_or_set_invalidp) ReceiveAssociation *b = NULL; - _cleanup_free_ void *p; + _cleanup_(erase_and_freep) void *p = NULL; MACsec *s = userdata; SecurityAssociation *dest; size_t l; @@ -743,18 +743,17 @@ int config_parse_macsec_key( r = unhexmem_full(rvalue, strlen(rvalue), true, &p, &l); if (r < 0) { - log_syntax(unit, LOG_ERR, filename, line, r, - "Failed to parse key. Ignoring assignment: %m"); + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse key. Ignoring assignment: %m"); return 0; } + if (l != 16) { /* See DEFAULT_SAK_LEN in drivers/net/macsec.c */ - explicit_bzero_safe(p, l); - log_syntax(unit, LOG_ERR, filename, line, 0, - "Invalid key length (%zu). Ignoring assignment", l); + log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid key length (%zu). Ignoring assignment", l); return 0; } + explicit_bzero_safe(dest->key, dest->key_len); free_and_replace(dest->key, p); dest->key_len = l; @@ -972,7 +971,7 @@ int config_parse_macsec_use_for_encoding( } static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) { - _cleanup_free_ uint8_t *key = NULL; + _cleanup_(erase_and_freep) uint8_t *key = NULL; size_t key_len; int r; @@ -987,12 +986,10 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) { return log_netdev_error_errno(netdev, r, "Failed to read key from '%s', ignoring: %m", sa->key_file); - if (key_len != 16) { - explicit_bzero_safe(key, key_len); + + if (key_len != 16) return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), - "Invalid key length (%zu bytes), ignoring: %m", - key_len); - } + "Invalid key length (%zu bytes), ignoring: %m", key_len); explicit_bzero_safe(sa->key, sa->key_len); free_and_replace(sa->key, key); diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index 154ca3b7a4..2e9651cceb 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -480,7 +480,7 @@ static int wireguard_decode_key_and_warn( unsigned line, const char *lvalue) { - _cleanup_free_ void *key = NULL; + _cleanup_(erase_and_freep) void *key = NULL; size_t len; int r; @@ -501,12 +501,10 @@ static int wireguard_decode_key_and_warn( if (r < 0) return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode wireguard key provided by %s=, ignoring assignment: %m", lvalue); - if (len != WG_KEY_LEN) { - explicit_bzero_safe(key, len); + if (len != WG_KEY_LEN) return log_syntax(unit, LOG_ERR, filename, line, 0, "Wireguard key provided by %s= has invalid length (%zu bytes), ignoring assignment.", lvalue, len); - } memcpy(ret, key, WG_KEY_LEN); return 0; @@ -894,7 +892,7 @@ static void wireguard_done(NetDev *netdev) { } static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_KEY_LEN]) { - _cleanup_free_ char *key = NULL; + _cleanup_(erase_and_freep) char *key = NULL; size_t key_len; int r; @@ -905,17 +903,11 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_ if (r < 0) return r; - if (key_len != WG_KEY_LEN) { - r = -EINVAL; - goto finalize; - } + if (key_len != WG_KEY_LEN) + return -EINVAL; memcpy(dest, key, WG_KEY_LEN); - r = 0; - -finalize: - explicit_bzero_safe(key, key_len); - return r; + return 0; } static int wireguard_peer_verify(WireguardPeer *peer) { diff --git a/src/reply-password/reply-password.c b/src/reply-password/reply-password.c index f8f6c2d3ec..7fd1fc5d1d 100644 --- a/src/reply-password/reply-password.c +++ b/src/reply-password/reply-password.c @@ -35,7 +35,7 @@ static int send_on_socket(int fd, const char *socket_name, const void *packet, s } int main(int argc, char *argv[]) { - _cleanup_free_ char *packet = NULL; + _cleanup_(erase_and_freep) char *packet = NULL; _cleanup_close_ int fd = -1; size_t length = 0; int r; @@ -93,7 +93,5 @@ int main(int argc, char *argv[]) { r = send_on_socket(fd, argv[2], packet, length); finish: - explicit_bzero_safe(packet, length); - return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 6c0a369902..00c41a0382 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -63,13 +63,16 @@ static int lookup_key(const char *keyname, key_serial_t *ret) { } static int retrieve_key(key_serial_t serial, char ***ret) { - _cleanup_free_ char *p = NULL; - long m = 100, n; + size_t nfinal, m = 100; char **l; + _cleanup_(erase_and_freep) char *pfinal = NULL; assert(ret); for (;;) { + _cleanup_(erase_and_freep) char *p = NULL; + long n; + p = new(char, m); if (!p) return -ENOMEM; @@ -77,33 +80,28 @@ static int retrieve_key(key_serial_t serial, char ***ret) { n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0); if (n < 0) return -errno; - if (n < m) + if ((size_t) n < m) { + nfinal = (size_t) n; + pfinal = TAKE_PTR(p); break; - - explicit_bzero_safe(p, m); + } if (m > LONG_MAX / 2) /* overflow check */ return -ENOMEM; m *= 2; - if ((long) (size_t) m != m) /* make sure that this still fits if converted to size_t */ - return -ENOMEM; - - free(p); } - l = strv_parse_nulstr(p, n); + l = strv_parse_nulstr(pfinal, nfinal); if (!l) return -ENOMEM; - explicit_bzero_safe(p, n); - *ret = l; return 0; } static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **passwords) { _cleanup_strv_free_erase_ char **l = NULL; - _cleanup_free_ char *p = NULL; + _cleanup_(erase_and_freep) char *p = NULL; key_serial_t serial; size_t n; int r; @@ -131,7 +129,6 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa return r; serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING); - explicit_bzero_safe(p, n); if (serial == -1) return -errno; diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c index 271d0bb90c..843c302bf4 100644 --- a/src/tty-ask-password-agent/tty-ask-password-agent.c +++ b/src/tty-ask-password-agent/tty-ask-password-agent.c @@ -238,13 +238,13 @@ finish: } static int send_passwords(const char *socket_name, char **passwords) { - _cleanup_free_ char *packet = NULL; + _cleanup_(erase_and_freep) char *packet = NULL; _cleanup_close_ int socket_fd = -1; union sockaddr_union sa = {}; size_t packet_length = 1; char **p, *d; ssize_t n; - int r, salen; + int salen; assert(socket_name); @@ -266,22 +266,14 @@ static int send_passwords(const char *socket_name, char **passwords) { d = stpcpy(d, *p) + 1; socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0); - if (socket_fd < 0) { - r = log_debug_errno(errno, "socket(): %m"); - goto finish; - } + if (socket_fd < 0) + return log_debug_errno(errno, "socket(): %m"); n = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, salen); - if (n < 0) { - r = log_debug_errno(errno, "sendto(): %m"); - goto finish; - } + if (n < 0) + return log_debug_errno(errno, "sendto(): %m"); - r = (int) n; - -finish: - explicit_bzero_safe(packet, packet_length); - return r; + return (int) n; } static int parse_password(const char *filename, char **wall) { -- cgit v1.2.1