Call setbuf when reading or writing files: programs

After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), but only in sample programs that were calling mbedtls_platform_zeroize(). Don't bother protecting stdio buffers in programs where application buffers weren't protected. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:06:11 +02:00 · 2022-06-30 17:06:11 +02:00 · 6d576c9646
commit 6d576c9646
parent da0913ba6b
4 changed files with 22 additions and 0 deletions
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@ -101,6 +101,10 @@ void nss_keylog_export( void *p_expkey,
            goto exit;
        }

+        /* Ensure no stdio buffering of secrets, as such buffers cannot be
+         * wiped. */
+        mbedtls_setbuf( f, NULL );
+
        if( fwrite( nss_keylog_line, 1, len, f ) != len )
        {
            fclose( f );