authorHåkon Nessjøen <haakon.nessjoen@gmail.com>2013-06-29 13:00:01 +0200
committerHåkon Nessjøen <haakon.nessjoen@gmail.com>2013-06-29 13:00:01 +0200
commit9fb9354c89570de1e71817ca80c9535c502c9c69 (patch)
treecfcab17c2de79327e222e9f2f3e0e1f13db6782d
parent49597eed6c6cbf847a0c7f5af2333e3702e07f7d (diff)
downloadMAC-Telnet-9fb9354c89570de1e71817ca80c9535c502c9c69.tar.gz
MAC-Telnet-9fb9354c89570de1e71817ca80c9535c502c9c69.zip
Added some paranoid memory locking on linux
-rw-r--r--mactelnet.c14
-rw-r--r--mactelnetd.c12
2 files changed, 25 insertions, 1 deletions
diff --git a/mactelnet.c b/mactelnet.c
index 580d5ae..7710cc1 100644
--- a/mactelnet.c
+++ b/mactelnet.c
@@ -37,6 +37,7 @@
#include <string.h>
#ifdef __LINUX__
#include <linux/if_ether.h>
+#include <sys/mman.h>
#endif
#include "md5.h"
#include "protocol.h"
@@ -197,6 +198,11 @@ static void send_auth(char *username, char *password) {
int plen;
md5_state_t state;
+#if defined(__LINUX__) && defined(_POSIX_MEMLOCK_RANGE)
+ mlock(md5data, sizeof(md5data));
+ mlock(md5sum, sizeof(md5data));
+#endif
+
/* Concat string of 0 + password + encryptionkey */
md5data[0] = 0;
strncpy(md5data + 1, password, 82);
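Review bot: The second call locks `md5sum` using the size of the other buffer, `mlock(md5sum, sizeof(md5data));`. The matching hunk in mactelnetd.c uses `sizeof(md5sum)`, and this line should read `mlock(md5sum, sizeof(md5sum));`. The return value of mlock() is also ignored here and in every other hunk of this commit, so if the call fails (for example when an unprivileged user exceeds RLIMIT_MEMLOCK) the buffers stay swappable with no indication. Checking the result and at least printing a warning would make the protection observable. The declarations of md5data and md5sum are outside the hunk, so this assumes both are arrays rather than pointers.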
@@ -460,6 +466,9 @@ int main (int argc, char **argv) {
case 'p':
/* Save password */
+#if defined(__LINUX__) && defined(_POSIX_MEMLOCK_RANGE)
+ mlock(password, sizeof(password));
+#endif
strncpy(password, optarg, sizeof(password) - 1);
password[sizeof(password) - 1] = '\0';
have_password = 1;
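Review bot: Locking `password` here protects only the copy. The original string stays in the argument vector that `optarg` points into, where it is neither locked nor cleared, and on Linux it remains readable through the process command line. The source could be wiped after the copy, e.g. `memset(optarg, 0, strlen(optarg));`, and a comment should state that `-p` exposes the password regardless of mlock(). The same `mlock(password, sizeof(password));` is repeated in the getpass() branch further down; if `password` is a file-scope array, which is not visible here, a single call before option parsing would cover both paths.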
@@ -586,11 +595,14 @@ int main (int argc, char **argv) {
if (!have_password) {
char *tmp;
tmp = getpass(quiet_mode ? "" : _("Password: "));
+#if defined(__LINUX__) && defined(_POSIX_MEMLOCK_RANGE)
+ mlock(password, sizeof(password));
+#endif
strncpy(password, tmp, sizeof(password) - 1);
password[sizeof(password) - 1] = '\0';
/* security */
memset(tmp, 0, strlen(tmp));
-#ifdef __GNUC__
+#ifdef __LINUX__
free(tmp);
#endif
}
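Review bot: The `free(tmp);` that this hunk now guards with `__LINUX__` releases the pointer returned by getpass(), which is documented as pointing to a static buffer owned by the library. The caller is not expected to free it, so dropping the `free` block entirely is safer than switching its guard. getpass() can also return NULL, and `tmp` is passed to strncpy() and strlen() with no check between the call and those uses. As long as the wipe `memset(tmp, 0, strlen(tmp));` is immediately followed by free(), the compiler may treat it as a dead store and remove it, which is another reason to drop the free.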
diff --git a/mactelnetd.c b/mactelnetd.c
index cdb2727..b90ce2f 100644
--- a/mactelnetd.c
+++ b/mactelnetd.c
@@ -45,6 +45,7 @@
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/sysinfo.h>
+#include <sys/mman.h>
#include <pwd.h>
#include <utmp.h>
#include <syslog.h>
@@ -385,6 +386,14 @@ static void user_login(struct mt_connection *curconn, struct mt_mactelnet_hdr *p
if ((user = find_user(curconn->username)) != NULL) {
md5_state_t state;
+#ifdef _POSIX_MEMLOCK_RANGE
+ mlock(md5data, sizeof(md5data));
+ mlock(md5sum, sizeof(md5sum));
+ if (user->password != NULL) {
+ mlock(user->password, strlen(user->password));
+ }
+#endif
+
/* Concat string of 0 + password + encryptionkey */
md5data[0] = 0;
strncpy(md5data + 1, user->password, 82);
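Review bot: The new `if (user->password != NULL)` guard protects only the mlock() call. The `strncpy(md5data + 1, user->password, 82);` just below still dereferences the pointer unconditionally, so either the check is unnecessary or the copy needs the same guard, for instance by rejecting the login when no password is set. `strlen(user->password)` also leaves out the terminating NUL; `strlen(user->password) + 1` matches the stored string. Locking on each login attempt is presumably late, since the password has been in memory since the user list was loaded. Locking it where it is read would be more effective, though that code is outside this hunk.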
@@ -589,6 +598,9 @@ static void handle_data_packet(struct mt_connection *curconn, struct mt_mactelne
} else if (cpkt.cptype == MT_CPTYPE_PASSWORD) {
+#ifdef _POSIX_MEMLOCK_RANGE
+ mlock(curconn->trypassword, 17);
+#endif
memcpy(curconn->trypassword, cpkt.data, 17);
got_pass_packet = 1;