From 471d28bd1035678289c744fb95ad4dd7df1b6868 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 27 Jul 2004 02:14:42 +0000
Subject: [PATCH] - Rename common-packet.c to packet.c - buf_burn the
 unencrypted read/write payload buffers after use to avoid sensitive
 contents sitting in memory for too long

--HG--
extra : convert_revision : 19227d63bda554e819ae7df919bfd18911d5b4a0
---
 common-packet.c => packet.c | 4 ++++
 process-packet.c            | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 rename common-packet.c => packet.c (98%)

diff --git a/common-packet.c b/packet.c
similarity index 98%
rename from common-packet.c
rename to packet.c
index 39387bf8..886fe67c 100644
--- a/common-packet.c
+++ b/packet.c
@@ -444,6 +444,10 @@ void encrypt_packet() {
 	}
 
 	/* finished with payload */
+	buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't
+								   _that_ likely to hurt performance too badly.
+								   Buffers can have cleartext passwords etc, or
+								   other sensitive data */
 	buf_setpos(ses.writepayload, 0);
 	buf_setlen(ses.writepayload, 0);
 
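Review bot: The trailing XXX comment on the added `buf_burn(ses.writepayload)` call reads as an open question rather than a stated invariant, and it does not explain why the call sits ahead of the pos/len reset. I would replace it with a comment above the call, for example `/* Wipe the cleartext payload (may hold passwords) before the buffer is reused; keep this ahead of the pos/len reset. */`. buf_burn's definition is not part of this patch, so confirm whether it clears the whole allocation or only up to the current length. That decides whether the ordering matters and whether bytes from an earlier, longer packet can survive. encrypt_packet's body starts and ends outside the hunk, so any earlier exits that skip the wipe are not visible here.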
diff --git a/process-packet.c b/process-packet.c
index afa45efd..f9f6dee3 100644
--- a/process-packet.c
+++ b/process-packet.c
@@ -116,7 +116,7 @@ void process_packet() {
 	 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
 	 * NOTE: if the protocol changes and new types are added, revisit this 
 	 * assumption */
-	if ( !ses.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
+	if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
 		dropbear_exit("received message %d before userauth", type);
 	}
 
@@ -138,6 +138,7 @@ void process_packet() {
 	recv_unimplemented();
 
 out:
+	buf_burn(ses.payload); /* Clear the memory to avoid swapping it out */
 	buf_free(ses.payload);
 	ses.payload = NULL;
 
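Review bot: The comment on the added `buf_burn(ses.payload)` says the wipe avoids swapping, but zeroing does not stop the pages from being swapped out; it only shortens the time cleartext stays resident and could reach swap or a core dump. Suggested wording: `/* Wipe the decrypted payload before freeing so cleartext does not linger in freed heap memory */`. Because the wipe is immediately followed by `buf_free`, check that buf_burn (defined outside this patch) cannot be discarded as a dead store, which could happen if it is a plain memset that gets inlined. Paths that leave process_packet through `dropbear_exit` instead of `out:`, such as the pre-auth type check in the previous hunk, do not get the wipe; the function's body extends beyond the hunk.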
-- 
GitLab