From c97186ae96d4835841b02d377a9002d078a6f83b Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Mon, 26 Sep 2016 07:56:26 +0200
Subject: Ensure sensitive memory is correctly erased.
---
 Library/DcsCfgLib/GptEdit.c | 2 ++
 Library/PasswordLib/ConsolePassword.c | 1 +
 Library/PasswordLib/PicturePassword.c | 2 ++
 Library/VeraCryptLib/DcsVeraCrypt.c | 1 +
 4 files changed, 6 insertions(+) (limited to 'Library')
diff --git a/Library/DcsCfgLib/GptEdit.c b/Library/DcsCfgLib/GptEdit.c
index f814975..a33d3ca 100644
--- a/Library/DcsCfgLib/GptEdit.c
+++ b/Library/DcsCfgLib/GptEdit.c
@@ -903,6 +903,8 @@ DeListPwdCacheEdit()
 DePwdCache->CRC = 0;
 res =gBS->CalculateCrc32(DePwdCache, 512, &crc);
 DePwdCache->CRC = crc;
+ burn (&pwd, sizeof(pwd));
+ burn (&pim, sizeof(pim));
 return res;
 }
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c
index c195b48..1b8c48a 100644
--- a/Library/PasswordLib/ConsolePassword.c
+++ b/Library/PasswordLib/ConsolePassword.c
@@ -116,6 +116,7 @@ AskConsolePwdInt(
 } while (key.UnicodeChar != CHAR_CARRIAGE_RETURN);
 if (length != NULL) *length = count;
+ burn (&key, sizeof (key));
 // Set end of line
 if (asciiLine != NULL) {
 asciiLine[count] = '\0';
diff --git a/Library/PasswordLib/PicturePassword.c b/Library/PasswordLib/PicturePassword.c
index 67ffcbe..886ffcd 100644
--- a/Library/PasswordLib/PicturePassword.c
+++ b/Library/PasswordLib/PicturePassword.c
@@ -628,6 +628,8 @@ AskPictPwdInt(
 pwdAction = PwdActNone;
 } while (TRUE);
+ burn (&key, sizeof (key));
+ burn (&pwdNewChar, sizeof (pwdNewChar));
 gBS->CloseEvent(InputEvents[1]);
 gBS->CloseEvent(UpdateEvent);
 gBS->CloseEvent(BeepOffEvent);
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c
index ba92931..1b6cd35 100644
--- a/Library/VeraCryptLib/DcsVeraCrypt.c
+++ b/Library/VeraCryptLib/DcsVeraCrypt.c
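Review bot: The two `burn` calls in DeListPwdCacheEdit sit directly before the final `return res;`, so any earlier `return` in the function would leave `pwd` and `pim` unwiped; the body starts outside this hunk, so that has to be checked against the full file. Routing every exit through one label, e.g. `cleanup: burn (&pwd, sizeof(pwd)); burn (&pim, sizeof(pim)); return res;`, makes the erase unconditional. The same concern applies to the burns placed after `} while (TRUE);` in AskPictPwdInt, which are reached only when the loop is left by `break`, and to the one at the end of ApplyKeyFile. It is also worth confirming that `pwd` is the password object itself and not a pointer to it, since `sizeof(pwd)` would then cover only the pointer.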
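Review bot: In AskConsolePwdInt the added `burn (&key, sizeof (key));` runs after a loop whose exit condition is `key.UnicodeChar != CHAR_CARRIAGE_RETURN`, so on the normal exit `key` holds only the carriage return and not a password character. The typed characters are in whatever buffers the loop fills; the loop body is outside this hunk, and `asciiLine` appears to be the caller's output buffer, so any intermediate line buffer the function keeps is the object that needs erasing before it is released. If the wipe of `key` is kept as defence in depth, a comment such as `// key is reused for every keystroke; clear the last value read` would state the intent, and the call reads more naturally directly after the `while` line than between the `length` and `asciiLine` handling.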
@@ -391,4 +391,5 @@ ApplyKeyFile(
 if (password->Length < (int)sizeof(keyPool)) password->Length = sizeof(keyPool);
+ burn (keyPool, sizeof(keyPool));
 }
\ No newline at end of file
-- cgit v1.2.3
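Review bot: `burn (keyPool, sizeof(keyPool));` is the last statement of ApplyKeyFile, which is exactly where a compiler may discard a plain memset-style clear as a dead store, because `keyPool` is never read again. The erase is effective only if `burn` in this EFI build expands to volatile writes or an equivalent non-elidable primitive; its definition is not part of this patch, so that should be confirmed, ideally by inspecting the optimised build output. The same dependency holds for the calls added in GptEdit.c, ConsolePassword.c and PicturePassword.c. A comment at the call, e.g. `// keyPool is dead after this point: burn must not be optimised away`, would record the requirement for later maintainers.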