From 8d14c48ec1a01c97ae70443a39126939950a28f4 Mon Sep 17 00:00:00 2001
From: Dinesh K Garg
Date: Thu, 21 Jan 2016 12:55:52 -0800
Subject: Cleanup temporarily stored passwords

While verifying or updating passwords, those are copied into temp variables which are freed after use. These variables should be cleaned up before freeing so that passwords are not left in memory if someone dumps the memory.

Change-Id: I94f76f679bac18a682c796fe98236549e8f5e1aa
---
 cryptfs_hw.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/cryptfs_hw.c b/cryptfs_hw.c
index a0177fa..e149aec 100755
--- a/cryptfs_hw.c
+++ b/cryptfs_hw.c
@@ -74,6 +74,13 @@ static int (*qseecom_create_key)(int, void*);
 static int (*qseecom_update_key)(int, void*, void*);
 static int (*qseecom_wipe_key)(int);
 
+inline void* secure_memset(void* v, int c , size_t n) {
+ volatile unsigned char* p = (volatile unsigned char* )v;
+ while (n--) *p++ = c;
+ return v;
+}
+
+
 static int map_usage(int usage)
 {
 int storage_type = is_ice_enabled();
@@ -189,8 +196,10 @@ static int set_key(const char* currentpasswd, const char* passwd, const char* en
 unsigned char* tmp_currentpasswd = get_tmp_passwd(currentpasswd);
 if(tmp_passwd) {
 if (operation == UPDATE_HW_DISK_ENC_KEY) {
- if (tmp_currentpasswd)
+ if (tmp_currentpasswd) {
 err = qseecom_update_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_currentpasswd, tmp_passwd);
+ secure_memset(tmp_currentpasswd, 0, MAX_PASSWORD_LEN);
+ }
 } else if (operation == SET_HW_DISK_ENC_KEY) {
 err = qseecom_create_key(map_usage(QSEECOM_DISK_ENCRYPTION), tmp_passwd);
 }
@@ -198,6 +207,7 @@ static int set_key(const char* currentpasswd, const char* passwd, const char* en
 if(ERR_MAX_PASSWORD_ATTEMPTS == err)
 wipe_userdata();
 }
+ secure_memset(tmp_passwd, 0, MAX_PASSWORD_LEN);
 free(tmp_passwd);
 free(tmp_currentpasswd);
 }
-- 
cgit v1.2.3
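Review bot: `inline void* secure_memset(...)` without `static` is an inline definition under C99/C11 semantics, so this translation unit emits no out-of-line body and any call the compiler chooses not to inline (an unoptimized build, for instance) fails to link; under the older GNU89 inline mode it instead becomes an exported external symbol. The helper is file-local either way and should read `static inline void* secure_memset(void* v, int c, size_t n) {`. The volatile-qualified byte store loop is the right portable idiom for a wipe the optimizer cannot elide; where the platform provides `explicit_bzero` or `memset_s` those are equivalent, but the loop as written is acceptable. Minor style: the stray space before the comma in `int c , size_t n`.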
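Review bot: The added `secure_memset(tmp_currentpasswd, 0, MAX_PASSWORD_LEN)` runs only on the UPDATE_HW_DISK_ENC_KEY path, yet `tmp_currentpasswd` is obtained from `get_tmp_passwd(currentpasswd)` before the operation is checked, so on the SET_HW_DISK_ENC_KEY path a non-NULL copy reaches `free(tmp_currentpasswd)` in the third hunk still holding the password. The wipe belongs next to the free rather than inside one branch: drop the added call and braces here and put `if (tmp_currentpasswd) secure_memset(tmp_currentpasswd, 0, MAX_PASSWORD_LEN);` immediately before `free(tmp_currentpasswd);` in the third hunk (the NULL guard is needed because the helper dereferences unconditionally, unlike free). This assumes get_tmp_passwd hands back a MAX_PASSWORD_LEN-byte buffer, which is not visible here; if it sizes the copy from the string length the wipe overruns the allocation and the length must come from the allocation instead. set_key begins and ends outside this hunk.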
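Review bot: The two `free` calls and the new `secure_memset(tmp_passwd, ...)` all sit inside the `if(tmp_passwd) {` block opened in the previous hunk, so when `tmp_passwd` is NULL a non-NULL `tmp_currentpasswd` is neither zeroed nor freed, leaving exactly the in-memory password copy this commit sets out to remove. Moving the wipe-and-free of `tmp_currentpasswd` past that block's closing `}` so it is reached on every path closes the gap (`free(NULL)` is harmless, the wipe needs a NULL check). set_key ends outside this hunk.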