Changeset 102490 in vbox for trunk/src/VBox/Runtime

Timestamp:

Dec 6, 2023 12:34:17 AM (12 months ago)

Author:

vboxsync

Message:

IRPT/shacrypt: Don't use RTMemDup on the passpharse in step 16 since it'll be overwritten at once, use RTMemTmpAllocZ instead. bugref:10551

Location:

trunk/src/VBox/Runtime/common/crypto

Files:

• shacrypt-256.cpp.h (modified) (2 diffs)
• shacrypt-512.cpp.h (modified) (2 diffs)

trunk/src/VBox/Runtime/common/crypto/shacrypt-256.cpp.h

@@ -110 +110 @@
      */
     size_t const cbSeqP  = cchPhrase;
-    uint8_t     *pabSeqP = (uint8_t *)RTMemDup(pszPhrase, cbSeqP + 1);          /* +1 because the password may be empty */
+    uint8_t     *pabSeqP = (uint8_t *)RTMemTmpAllocZ(cbSeqP + 1);               /* +1 because the password may be empty */
     uint8_t     *pb       = pabSeqP;
     AssertPtrReturn(pabSeqP, VERR_NO_MEMORY);
@@ -190 +190 @@
     RTMemWipeThoroughly(abDigestTemp, RTSHA256_HASH_SIZE, 3);
     RTMemWipeThoroughly(pabSeqP, cbSeqP, 3);
-    RTMemFree(pabSeqP);
+    RTMemTmpFree(pabSeqP);
 #if 0
     RTMemWipeThoroughly(pabSeqS, cbSeqS, 3);

trunk/src/VBox/Runtime/common/crypto/shacrypt-512.cpp.h

@@ -111 +111 @@
      */
     size_t const cbSeqP  = cchPhrase;
-    uint8_t     *pabSeqP = (uint8_t *)RTMemDup(pszPhrase, cbSeqP + 1);          /* +1 because the password may be empty */
+    uint8_t     *pabSeqP = (uint8_t *)RTMemTmpAllocZ(cbSeqP + 1);               /* +1 because the password may be empty */
     uint8_t     *pb       = pabSeqP;
     AssertPtrReturn(pabSeqP, VERR_NO_MEMORY);
@@ -191 +191 @@
     RTMemWipeThoroughly(abDigestTemp, RTSHA512_HASH_SIZE, 3);
     RTMemWipeThoroughly(pabSeqP, cbSeqP, 3);
-    RTMemFree(pabSeqP);
+    RTMemTmpFree(pabSeqP);
 #if 0
     RTMemWipeThoroughly(pabSeqS, cbSeqS, 3);