Call setbuf when reading or writing files: programs After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), but only in sample programs that were calling mbedtls_platform_zeroize(). Don't bother protecting stdio buffers in programs where application buffers weren't protected. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 6d576c9646fec898d938232d03aaad7c048e6aa1 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 30 17:06:11 2022 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 30 17:06:11 2022 +0200
tree: fccc879406b6681164818ee27e08c589fecbdcc2
parent: da0913ba6b3ddd5708189df8115d85bbd0ff2be3 [diff] [blame]
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 74ea88c..fa874b2 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c

@@ -171,6 +171,10 @@
         goto exit;
     }
 
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf( fin, NULL );
+    mbedtls_setbuf( fout, NULL );
+
     /*
      * Read the Cipher and MD from the command line
      */
commit	6d576c9646fec898d938232d03aaad7c048e6aa1	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 30 17:06:11 2022 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 30 17:06:11 2022 +0200
tree	fccc879406b6681164818ee27e08c589fecbdcc2
parent	da0913ba6b3ddd5708189df8115d85bbd0ff2be3 [diff] [blame]