commit b4369fb
uint
·
2026-01-28 22:38:31 +0000 UTC
parent 21bc931
zero-out decoded password after done using it
3 files changed,
+22,
-0
+1,
-0
1@@ -6,6 +6,7 @@
2 const char* cistrstr(const char* hay, const char* nee);
3 int hdr_get_value(char out[512], const char* hdr, const char* key);
4 int join_path(char* out, size_t outsz, const char* a, const char* b);
5+void secure_bzero(void* p, size_t n);
6 int write_all(int fd, const void* buf, size_t n);
7
8 #endif /* UTIL_H */
+7,
-0
1@@ -194,12 +194,14 @@ const struct user* users_auth_from_hdr(const char* hdr)
2 unsigned char dec[512];
3 if (b64_decode(dec, sizeof(dec), p) < 0) {
4 LOG(verbose_log, "AUTH", "Basic Auth B64 decode failed");
5+ secure_bzero(dec, sizeof(dec));
6 return NULL;
7 }
8
9 char* sep = strchr((char*)dec, ':');
10 if (!sep) {
11 LOG(verbose_log, "AUTH", "Basic Auth Decoded but missing ':'");
12+ secure_bzero(dec, sizeof(dec));
13 return NULL;
14 }
15
16@@ -210,6 +212,7 @@ const struct user* users_auth_from_hdr(const char* hdr)
17 const struct user* u = find_user(user);
18 if (!u) {
19 LOG(true, "AUTH", "Login FAILED Unknown user '%s'", user);
20+ secure_bzero(dec, sizeof(dec));
21 return NULL;
22 }
23
24@@ -217,18 +220,22 @@ const struct user* users_auth_from_hdr(const char* hdr)
25 if (u->pass[0] == '\0') {
26 if (pass[0] == '\0') {
27 LOG(true, "AUTH", "Login OK %s", user);
28+ secure_bzero(dec, sizeof(dec));
29 return u;
30 }
31 LOG(true, "AUTH", "Login FAILED %s", user);
32+ secure_bzero(dec, sizeof(dec));
33 return NULL;
34 }
35
36 if (!ct_equal(u->pass, pass)) {
37 LOG(true, "AUTH", "Login FAILED Bad password %s", user);
38+ secure_bzero(dec, sizeof(dec));
39 return NULL;
40 }
41
42 LOG(verbose_log, "AUTH", "Login OK %s", user);
43+ secure_bzero(dec, sizeof(dec));
44 return u;
45 }
46
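Review bot: The wipe covers only `dec`, but the Base64 text that `p` points at inside `hdr` is the same credential in a trivially reversible form. It stays in memory after users_auth_from_hdr returns unless the caller clears its request buffer, and the caller is not visible here. The lines between the hunks that derive `user` and `pass` are also not shown; if they copy out of `dec` rather than point into it, those copies need the same `secure_bzero` call. As a matter of style, the eight repeated calls are easy to miss on a future return path, so a single exit such as `out: secure_bzero(dec, sizeof(dec)); return res;` would keep the wipe in one place. The function body starts before the first hunk.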
+14,
-0
1@@ -126,6 +126,20 @@ int join_path(char* out, size_t outsz, const char* a, const char* b)
2 return snprintf(out, outsz, "%s/%s", a, b) < (int)outsz ? 0 : -1;
3 }
4
5+void secure_bzero(void* p, size_t n)
6+{
7+ if (!p || n == 0)
8+ return;
9+
10+#if defined(__OpenBSD__)
11+ explicit_bzero(p, n);
12+#else
13+ volatile unsigned char* vp = (volatile unsigned char*)p;
14+ while (n--)
15+ *vp++ = 0;
16+#endif
17+}
18+
19 int write_all(int fd, const void* buf, size_t n)
20 {
21 const char* p = buf;
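Review bot: The `#if defined(__OpenBSD__)` test in secure_bzero sends every other platform to the volatile byte loop, although glibc (2.25 and later) and FreeBSD also provide `explicit_bzero`. Widening the condition would use the library primitive wherever it exists. The volatile-pointer loop is a widely used fallback that current compilers keep, but the C standard only guarantees this for objects that are themselves volatile. A short comment on that branch would record the intent, e.g. `/* volatile stores keep the compiler from dropping the wipe as a dead store */`. The OpenBSD branch also needs `<string.h>` in scope; the include list is outside this hunk, so that is worth confirming.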