From patchwork Thu Sep 5 10:07:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3795 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:3a64:b0:5b9:581e:f939 with SMTP id p4csp699451mao; Thu, 5 Sep 2024 03:08:05 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVJGW85emwj1IunedlYaE2OYoEjj8UinwD2xQd6AQc7KDvTvC0nfWg4kPn7Bj+mwdT83iV0A1GTna8=@openvpn.net X-Google-Smtp-Source: AGHT+IHIqyJvYicuHw8g0AzC8jPIDH5Nu6FV/e11FZi+bHJ7W6pxAcUmZsTDTV5cVUIeUgitY0g/ X-Received: by 2002:a17:903:1c5:b0:205:6a4b:640e with SMTP id d9443c01a7336-206b83d0bacmr72121905ad.30.1725530885377; Thu, 05 Sep 2024 03:08:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725530885; cv=none; d=google.com; s=arc-20240605; b=akKXVQSXoKNtyLI+0UYIZ+osES4ETZrycwf5H6xV/8eB1EEY5cmuG32lqJNRq9Bw5e T8lOLwfENpdiCKDPQx4ZfmYaAX9Lrw1jOwTJHkDtysPPCUlUVRlGLHgwO+C3+Kq81usv 0BoLPmRcGTzriRQ85ptOwAKwQ8Nqub/RsMWjoJxeo0Inxb0Ra/h5KNtkLspHSV0mJRM/ LVQ0WX3Zp3UXecj0xh3WBjGZkKSymx0v4V3XPiOi2VTJLiGXFpmbUUgliWwXxfTEBN1m ihccJUza61mJakUau3j6YznChMiHkNvfqsol0lgjIgwUcsA8mo4pHLwAlkhYK/k/x+ap o4SQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=AOWvTCXPQKQjuHYUZGKlSBLkHqE74o87Uzb4KWQefP4=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=J/ps1pkOh++CwJBdG4x6dwgTjIJTyce8Uw9XVoOGyYCPh0CLZIyjJtzSKFERsCHlW5 ZP07X84Lw947VjwUz4Pnyvb4eHvPHgoIjVIAiKhEnLByCJ/Ian42zWruRu/4lC3pJy1a DMrzExNgik+rodog6z+rKyVjXnOzNCqQIapxsCMawQs/vw8lS+QBhbMSBmbMsby5uZad taf9ljoZu/yiev4OI01bn/Xzr3mf18in6u1IZmCwCpLVwmjWba8W96L/FWoFBSq62Y1I DHHv7c/mLl+xrATqVlgwbt6tovUnsCr20NZQQm/FeRd6PKEljH14Zzx/r10rOMkr1qdv SuoQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=dvO63nGQ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BzbBvnAm; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id d9443c01a7336-206ae8bd10csi43397395ad.2.2024.09.05.03.08.05 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Sep 2024 03:08:05 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=dvO63nGQ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=BzbBvnAm; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1sm9Ov-0002Tk-5H; Thu, 05 Sep 2024 10:07:41 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1sm9Os-0002TU-Ne for openvpn-devel@lists.sourceforge.net; Thu, 05 Sep 2024 10:07:38 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=2/wDWYq+eUTNGKT36fusI9al17Rm1U6QCRfARHJ/W0c=; b=dvO63nGQNRkLQMDuKoyif4HVW5 lRhPZvsUfMa+QBRss41jpZmnYBcKjKdn80gd31Q+Xl2UVcv/OC1maLO3hzwY7p/3NU9IJBwu7OwmA /wuUajJT2Hy97vrUZEdRrOL1Z0t1dxbXoC8uY5WpbfE3r855DKcjGZEndDIojc1JJmoA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=2/wDWYq+eUTNGKT36fusI9al17Rm1U6QCRfARHJ/W0c=; b=BzbBvnAmgKseKVd7HYzz2xQHXr /Q6Y/IfCUGBKPzsCVfr7sy7TmsdHDhyGVkCOajISXZ0i/x3EnjIBfzZzLEUY/v9SMAGgkwKZehqC1 zigCbEKSorKyCU2bMG0+OnMsNg/iEQKqRQw0TQjylQSbdLvcyoJm4cy7TzxEPY70cITw=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1sm9Or-0007aR-7h for openvpn-devel@lists.sourceforge.net; Thu, 05 Sep 2024 10:07:38 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 485A7PA3004115 for ; Thu, 5 Sep 2024 12:07:25 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 485A7PKO004114 for openvpn-devel@lists.sourceforge.net; Thu, 5 Sep 2024 12:07:25 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 5 Sep 2024 12:07:24 +0200 Message-ID: <20240905100724.4105-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.44.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair Usage of credentials is a bit odd in this file. Actually the copy of "struct user_pass" kept in p->up is not required at all. It just defeats the purpose of auth-nocahe as it never gets cleared. Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1sm9Or-0007aR-7h Subject: [Openvpn-devel] [PATCH v1] proxy.c: Clear sensitive data after use X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1809350273536892537?= X-GMAIL-MSGID: =?utf-8?q?1809350273536892537?= From: Selva Nair Usage of credentials is a bit odd in this file. Actually the copy of "struct user_pass" kept in p->up is not required at all. It just defeats the purpose of auth-nocahe as it never gets cleared. Removing it is beyond the scope of this patch -- we just ensure it's purged after use. Change-Id: Ic6d63a319d272a56ac0e278f1356bc5241b56a34 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/727 This mail reflects revision 1 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 5de0da4..eddacc9 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -247,7 +247,9 @@ struct buffer out = alloc_buf_gc(strlen(p->up.username) + strlen(p->up.password) + 2, gc); ASSERT(strlen(p->up.username) > 0); buf_printf(&out, "%s:%s", p->up.username, p->up.password); - return (const char *)make_base64_string((const uint8_t *)BSTR(&out), gc); + char *ret = (char *)make_base64_string((const uint8_t *)BSTR(&out), gc); + secure_memzero(BSTR(&out), out.len); + return ret; } static void @@ -736,6 +738,9 @@ ASSERT(0); } + /* clear any sensitive content in buf */ + secure_memzero(buf, sizeof(buf)); + /* send empty CR, LF */ if (!send_crlf(sd)) { @@ -983,6 +988,8 @@ { goto error; } + /* clear any sensitive content in buf */ + secure_memzero(buf, sizeof(buf)); /* receive reply from proxy */ if (!recv_line(sd, buf, sizeof(buf), get_server_poll_remaining_time(server_poll_timeout), true, NULL, signal_received)) @@ -1086,10 +1093,12 @@ #endif done: + purge_user_pass(&p->up, true); gc_free(&gc); return ret; error: + purge_user_pass(&p->up, true); register_signal(sig_info, SIGUSR1, "HTTP proxy error"); /* SOFT-SIGUSR1 -- HTTP proxy error */ gc_free(&gc); return ret;