author | Martin Willi <martin@strongswan.org> | 2009-08-19 16:02:20 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-08-26 11:23:51 +0200 |
commit | 934d49a4f96e129616e75a946136158e3dfc022c (patch) | |
tree | f430200d867c094a37ebdc1410439bae83378c1c /src | |
parent | 957d1163286942fd966d2a83b027abc80bab000b (diff) | |
chunk_cat/cata/create_cat/length accept the sensitive data clearing mode 's'
Diffstat (limited to 'src')
-rw-r--r-- | src/libstrongswan/chunk.c | 21 | ||||
-rw-r--r-- | src/libstrongswan/chunk.h | 8 |
2 files changed, 19 insertions, 10 deletions
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index 40a93e21a..bdea31188 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -72,6 +72,7 @@ size_t chunk_length(const char* mode, ...)
  {
  case 'm':
  case 'c':
+ case 's':
  {
  chunk_t ch = va_arg(chunks, chunk_t);
  length += ch.len;
@@ -97,25 +98,31 @@ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...)
  va_start(chunks, mode);
  while (TRUE)
  {
- bool free_chunk = FALSE;
+ bool free_chunk = FALSE, clear_chunk = FALSE;
+ chunk_t ch;
+
  switch (*mode++)
  {
+ case 's':
+ clear_chunk = TRUE;
+ /* FALL */
  case 'm':
- {
  free_chunk = TRUE;
- }
+ /* FALL */
  case 'c':
- {
- chunk_t ch = va_arg(chunks, chunk_t);
+ ch = va_arg(chunks, chunk_t);
  memcpy(ptr, ch.ptr, ch.len);
  ptr += ch.len;
  construct.len += ch.len;
- if (free_chunk)
+ if (clear_chunk)
+ {
+ chunk_clear(&ch);
+ }
+ else if (free_chunk)
  {
  free(ch.ptr);
  }
  continue;
- }
  default:
  break;
  }
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index 66c3f26a2..91b4442ef 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -69,9 +69,11 @@ chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk);
  size_t chunk_length(const char *mode, ...);
  /**
- * Concatenate chunks into a chunk pointing to "ptr",
- * "mode" is a string of "c" (copy) and "m" (move), which says
- * how to handle the chunks in "..."
+ * Concatenate chunks into a chunk pointing to "ptr".
+ *
+ * The mode string specifies the number of chunks, and how to handle each of
+ * them with a single character: 'c' for copy (allocate new chunk), 'm' for move
+ * (free given chunk) or 's' for sensitive-move (clear given chunk, then free).
  */
  chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...); |
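Review bot: The accepted mode characters are now listed in two separate switches, here in `chunk_length()` and again in `chunk_create_cat()`, and the buffer that `memcpy` fills in the latter is presumably sized with the former. A character handled in only one of them would undercount the length and let the copy run past the allocation, so I'd add a comment on this case list such as `/* must match the modes handled in chunk_create_cat() */`. The rest of the switch, including its default branch, lies outside this hunk.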
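Review bot: The `'s'` branch wipes only the source with `chunk_clear(&ch)`; the bytes just copied by `memcpy(ptr, ch.ptr, ch.len)` stay in the destination, and nothing here says who is responsible for wiping that copy. For the stack-allocating `chunk_cata` named in the commit title (not visible in this hunk), the secret would presumably remain on the stack after return unless the caller clears the result. I'd add a comment above the case, `/* 's' wipes the source only; the caller must chunk_clear() the concatenated result */`. `chunk_clear()` is defined outside this diff, so it is worth confirming that its zeroing cannot be optimized away, since it is immediately followed by a free. The function body starts and ends outside the hunk.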
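Review bot: The new comment describes 'c' as "allocate new chunk", but in the chunk.c hunk of this commit 'c' only copies into `ptr` and leaves the argument alone, so the wording is misleading. The comment also omits that chunks are passed by value: `chunk_clear(&ch)` and `free(ch.ptr)` act on a local copy, so after 'm' or 's' the caller's own `chunk_t` still holds the freed pointer. I'd reword to `'c' for copy (given chunk is left untouched)` and add ` * After 'm' or 's' the caller's chunk still points to freed memory and must not be used again.`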