From a5d8be91b53b0c955fbed51ff4ff6cdf20f0c4fe Mon Sep 17 00:00:00 2001
From: Micha Mutschler <micha@etezian.org>
Date: Sun, 30 Jun 2013 22:18:31 +0200
Subject: Fix memory leaks, security issues and compiler warnings

- free unused memory buffers if not needed any more
- the password should be cleared from memory asap
- the return value of scanf should be processed

Signed-off-by: Micha Mutschler <micha@etezian.org>
Acked-by: Andi Shyti <andi@etezian.org>
---
 accman.c           | 24 +++++++++++++++++++++---
 src/crypt_sha256.c |  8 +++++++-
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/accman.c b/accman.c
index d12ce2a..5b0f2ef 100644
--- a/accman.c
+++ b/accman.c
@@ -12,7 +12,11 @@ char *get_name(void)
 	char name[32];
 	char *usr_n;
 
-	scanf("%s", name);
+	int got = scanf("%s", name);
+	if(got != 1) {
+		fprintf(stderr, "failed to read name...\n");
+		exit(EXIT_FAILURE);
+	}
 	usr_n = (char *) malloc(sizeof(name) + DIM_MDOM + 1);
 	if (!usr_n) {
 		printf("No free memory available\n");
@@ -55,19 +59,33 @@ char *get_password(void)
 		fprintf(stderr,
 			"Password must be between %d and %d characters\n",
 			MIN_PASSWD_LEN, MAX_PASSWD_LEN);
+		memset(tmp, 0, len);
 		exit(EXIT_FAILURE);
 	}
 
 	p = (char*) malloc (len + 1);
 	strcpy(p, tmp);
 
+	/* clear password from memory */
+	memset(tmp, 0, len);
+
 	tmp = getpass("Re-type password: ");
-	if (strcmp(p, tmp)) {
+
+	int scmp = strcmp(p, tmp);
+	memset(tmp, 0, len);
+
+	if (scmp) {
 		fprintf(stderr, "The passwords don't match, operation aborted\n");
+		/* clear passwd */
+		memset(p, 0, len);
 		exit(EXIT_FAILURE);
 	}
 
-	return get_crypt_sha256(p);
+	tmp = get_crypt_sha256(p);
+	memset(p, 0, len);
+	free(p);
+
+	return tmp;
 }
 
 int main (void)
diff --git a/src/crypt_sha256.c b/src/crypt_sha256.c
index c99cbfd..eff5eac 100644
--- a/src/crypt_sha256.c
+++ b/src/crypt_sha256.c
@@ -17,7 +17,7 @@
 #define	LEN_SHA_STR		9
 #define LEN_FINAL_PASSWD	LEN_ENC64 + LEN_SHA_STR
 
-char* get_crypt_sha256(const char *p)
+char* get_crypt_sha256(char *p)
 {
 	int rand_fd;
 	ssize_t size;
@@ -32,6 +32,7 @@ char* get_crypt_sha256(const char *p)
 	rand_fd = open(RAND_FILE, O_RDONLY);
 	if (rand_fd < 0) {
 		fprintf(stderr, "impossible to open " RAND_FILE "\n");
+		memset(p, 0, len);
 		exit(EXIT_FAILURE);
 	}
 
@@ -39,6 +40,7 @@ char* get_crypt_sha256(const char *p)
 	close(rand_fd);
 	if (size != LEN_SALT) {
 		fprintf(stderr, "failed to read from " RAND_FILE "\n");
+		memset(p, 0, len);
 		exit(EXIT_FAILURE);
 	}
 
@@ -49,6 +51,10 @@ char* get_crypt_sha256(const char *p)
 	memcpy(passwd_buff, sha_pwd, SHA256_DIGEST_LENGTH);
 	memcpy(passwd_buff + SHA256_DIGEST_LENGTH, salt+len, LEN_SALT);
 
+	/* clear plaintext passwd copy */
+	memset(salt, 0, len + LEN_SALT);
+	free(salt);
+
 	EVP_EncodeBlock(enc64_pwd, passwd_buff,
 				SHA256_DIGEST_LENGTH + LEN_SALT);
 
-- 
cgit v1.2.3