Changeset 5990 for pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c

Timestamp:

May 15, 2019 2:43:01 AM (5 years ago)

Author:

nanang

Message:

Close #2179: Wipe out memory used for storing SSL keys before released.

File:

• pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c (modified) (2 diffs)

pjproject/trunk/pjlib/src/pj/ssl_sock_imp_common.c

@@ -597 +597 @@
 }
 
+
+static void wipe_buf(pj_str_t *buf)
+{
+    volatile char *p = buf->ptr;
+    pj_ssize_t len = buf->slen;
+    while (len--) *p++ = 0;
+    buf->slen = 0;
+}
+
+static void wipe_cert_buffer(pj_ssl_cert_t *cert)
+{
+    wipe_buf(&cert->CA_file);
+    wipe_buf(&cert->CA_path);
+    wipe_buf(&cert->cert_file);
+    wipe_buf(&cert->privkey_file);
+    wipe_buf(&cert->privkey_pass);
+    wipe_buf(&cert->CA_buf);
+    wipe_buf(&cert->cert_buf);
+    wipe_buf(&cert->privkey_buf);
+}
+
 static void ssl_on_destroy(void *arg)
 {
@@ -614 +635 @@
     }
 
-    pj_pool_safe_release(&ssock->pool);
+    /* Wipe out cert & key buffer, note that they may not be allocated
+     * using SSL socket memory pool.
+     */
+    if (ssock->cert) {
+        wipe_cert_buffer(ssock->cert);
+    }
+
+    /* Secure release pool, i.e: all memory blocks will be zeroed first */
+    pj_pool_secure_release(&ssock->pool);
 }