From dbe7e456954bf001420c4552c2b6e184ec6e068c Mon Sep 17 00:00:00 2001 From: Selva Nair Date: Thu, 5 Sep 2024 12:07:24 +0200 Subject: [PATCH] proxy.c: Clear sensitive data after use Usage of credentials is a bit odd in this file. Actually the copy of "struct user_pass" kept in p->up is not required at all. It just defeats the purpose of auth-nocahe as it never gets cleared. Removing it is beyond the scope of this patch -- we just ensure it's purged after use. Change-Id: Ic6d63a319d272a56ac0e278f1356bc5241b56a34 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld Message-Id: <20240905100724.4105-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29061.html Signed-off-by: Gert Doering --- src/openvpn/proxy.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 5de0da41..eddacc9d 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -247,7 +247,9 @@ username_password_as_base64(const struct http_proxy_info *p, struct buffer out = alloc_buf_gc(strlen(p->up.username) + strlen(p->up.password) + 2, gc); ASSERT(strlen(p->up.username) > 0); buf_printf(&out, "%s:%s", p->up.username, p->up.password); - return (const char *)make_base64_string((const uint8_t *)BSTR(&out), gc); + char *ret = (char *)make_base64_string((const uint8_t *)BSTR(&out), gc); + secure_memzero(BSTR(&out), out.len); + return ret; } static void @@ -736,6 +738,9 @@ establish_http_proxy_passthru(struct http_proxy_info *p, ASSERT(0); } + /* clear any sensitive content in buf */ + secure_memzero(buf, sizeof(buf)); + /* send empty CR, LF */ if (!send_crlf(sd)) { @@ -983,6 +988,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p, { goto error; } + /* clear any sensitive content in buf */ + secure_memzero(buf, sizeof(buf)); /* receive reply from proxy */ if (!recv_line(sd, buf, sizeof(buf), get_server_poll_remaining_time(server_poll_timeout), true, NULL, signal_received)) @@ -1086,10 +1093,12 @@ establish_http_proxy_passthru(struct http_proxy_info *p, #endif done: + purge_user_pass(&p->up, true); gc_free(&gc); return ret; error: + purge_user_pass(&p->up, true); register_signal(sig_info, SIGUSR1, "HTTP proxy error"); /* SOFT-SIGUSR1 -- HTTP proxy error */ gc_free(&gc); return ret;