From c97186ae96d4835841b02d377a9002d078a6f83b Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Mon, 26 Sep 2016 07:56:26 +0200
Subject: Ensure sensitive memory is correctly erased.

---
 DcsInt/DcsInt.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'DcsInt')

diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c
index 46398c9..b2fa76c 100644
--- a/DcsInt/DcsInt.c
+++ b/DcsInt/DcsInt.c
@@ -156,8 +156,8 @@ PrepareBootParams(
 	SetSecRegionParamsMemory();
 
 	// Clean auth data
-	ZeroMem(&gAuthPassword, sizeof(gAuthPassword));
-	gAuthPim = 0;
+	burn(&gAuthPassword, sizeof(gAuthPassword));
+	burn(&gAuthPim, sizeof(gAuthPim));
 
 	return EFI_SUCCESS;
 }
@@ -536,6 +536,7 @@ SecRegionChangePwd() {
 		}
 		VCAskPwd(AskPwdConfirm, &confirmPassword);
 		if (gAuthPwdCode == AskPwdRetCancel) {
+			burn(&newPassword, sizeof(newPassword));
 			return EFI_NOT_READY;
 		}
 		if (newPassword.Length == confirmPassword.Length) {
@@ -921,15 +922,15 @@ VirtualNotifyEvent(
 {
 	// Clean all sensible info and keys before transfer to OS
 	if (SecRegionCryptInfo != NULL) {
-		ZeroMem(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
+		burn(SecRegionCryptInfo, sizeof(*SecRegionCryptInfo));
 	}
 
 	if (gRnd != NULL) {
-		ZeroMem(gRnd, sizeof(*gRnd));
+		burn(gRnd, sizeof(*gRnd));
 	}
 
 	if (SecRegionData != NULL) {
-		ZeroMem(SecRegionData, SecRegionSize);
+		burn(SecRegionData, SecRegionSize);
 	}
 }
 
-- 
cgit v1.2.3