From f08767d9644029bd3ac0e83bf160a7bf03a5c8de Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Fri, 21 Dec 2018 22:03:48 +0000
Subject: [PATCH] Clear TCG TSS2 auth passwords on free
Signed-off-by: David Woodhouse
---
 auth-common.c | 29 ++++++++++++++++-------------
 auth-globalprotect.c | 7 +++++--
 gnutls_tpm2_esys.c | 5 ++++-
 openconnect-internal.h | 1 +
 4 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/auth-common.c b/auth-common.c
index b0bdd9bd..b86440e2 100644
--- a/auth-common.c
+++ b/auth-common.c
@@ -109,26 +109,29 @@ int append_form_opts(struct openconnect_info *vpninfo,
 return 0;
 }
-void free_pass(char **p)
+void clear_mem(void *p, size_t s)
 {
- if (!*p)
- return;
-
 #if defined(HAVE_MEMSET_S)
- memset_s(*p, 0x5a, strlen(*p));
+ memset_s(p, 0x5a, s);
 #elif defined(HAVE_EXPLICIT_MEMSET)
- explicit_memset(*p, 0x5a, strlen(*p));
+ explicit_memset(p, 0x5a, s);
 #elif defined(HAVE_EXPLICIT_BZERO)
- explicit_bzero(*p, strlen(*p));
+ explicit_bzero(p, s);
 #elif defined(_WIN32)
- SecureZeroMemory(*p, strlen(*p));
+ SecureZeroMemory(p, s);
 #else
- {
- volatile char *pp = (volatile char *)*p;
- while (*pp)
- *(pp++) = 0x5a;
- }
+ volatile char *pp = (volatile char *)p;
+ while (s--)
+ *(pp++) = 0x5a;
 #endif
+}
+
+void free_pass(char **p)
+{
+ if (!*p)
+ return;
+
+ clear_mem(*p, strlen(*p));
 free(*p);
 *p = NULL;
 }
diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index 61f0fbe8..399369d7 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
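Review bot: `memset_s(p, 0x5a, s);` in the HAVE_MEMSET_S branch of clear_mem passes three arguments, but C11 Annex K memset_s takes four (dest, destmax, ch, count), so that branch would not compile against a conforming memset_s and the fill byte lands in the destmax position; it should read `memset_s(p, s, 0x5a, s);`. The removed line had the same shape, but since the call is being rewritten this is the place to correct it. clear_mem is also exported with no comment; a header like `/* Overwrite s bytes at p with 0x5a using a store the compiler may not elide; call on secrets before free(). */` would tell callers what the fixed pattern and the volatile fallback loop are for.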
@@ -457,8 +457,11 @@ static int gpst_login(struct openconnect_info *vpninfo, int portal, struct login
 /* submit prelogin request to get form */
 orig_path = vpninfo->urlpath;
- asprintf(&vpninfo->urlpath, "%s/prelogin.esp?tmp=tmp&clientVer=4100&clientos=%s",
- portal ? "global-protect" : "ssl-vpn", clientos);
+ if (asprintf(&vpninfo->urlpath, "%s/prelogin.esp?tmp=tmp&clientVer=4100&clientos=%s",
+ portal ? "global-protect" : "ssl-vpn", clientos)) {
+ result = -ENOMEM;
+ goto out;
+ }
 result = do_https_request(vpninfo, "POST", NULL, NULL, &xml_buf, 0);
 free(vpninfo->urlpath);
 vpninfo->urlpath = orig_path;
diff --git a/gnutls_tpm2_esys.c b/gnutls_tpm2_esys.c
index e848319d..0a6bc437 100644
--- a/gnutls_tpm2_esys.c
+++ b/gnutls_tpm2_esys.c
@@ -575,7 +575,10 @@ int install_tpm2_key(struct openconnect_info *vpninfo, gnutls_privkey_t *pkey, g
 void release_tpm2_ctx(struct openconnect_info *vpninfo)
 {
- if (vpninfo->tpm2)
+ if (vpninfo->tpm2) {
+ clear_mem(vpninfo->tpm2->ownerauth.buffer, sizeof(vpninfo->tpm2->ownerauth.buffer));
+ clear_mem(vpninfo->tpm2->userauth.buffer, sizeof(vpninfo->tpm2->userauth.buffer));
 free(vpninfo->tpm2);
+ }
 vpninfo->tpm2 = NULL;
 }
diff --git a/openconnect-internal.h b/openconnect-internal.h
index ecaaba1c..f9a89e41 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -1013,6 +1013,7 @@ int xmlnode_match_prop(xmlNode *xml_node, const char *name, const char *match);
 int append_opt(struct oc_text_buf *body, const char *opt, const char *name);
 int append_form_opts(struct openconnect_info *vpninfo, struct oc_auth_form *form, struct oc_text_buf *body);
+void clear_mem(void *p, size_t s);
 void free_pass(char **p);
 void free_opt(struct oc_form_opt *opt);
 void free_auth_form(struct oc_auth_form *form);
--
2.50.1
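Review bot: `if (asprintf(&vpninfo->urlpath, ..., clientos)) {` in gpst_login treats every non-zero return as failure, but asprintf returns the number of bytes written on success and -1 only on error, so the successful path now jumps to `out` with -ENOMEM and the prelogin request is never sent; the test should be `portal ? "global-protect" : "ssl-vpn", clientos) < 0) {`. On a genuine failure the saved `orig_path` is also never put back into `vpninfo->urlpath` (after a failed asprintf its contents are unspecified on glibc), so unless the `out:` label outside this hunk restores it, add `vpninfo->urlpath = orig_path;` before the `goto out;`. The enclosing gpst_login starts and ends outside the hunk.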
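Review bot: The new prototype `void clear_mem(void *p, size_t s);` in openconnect-internal.h is added without any statement of its contract, and since this is the declaration callers will read, a one-line comment above it would help, e.g. `/* Overwrite s bytes at p with a fixed pattern in a way the compiler must not elide; use on secrets before free(). */`. The neighbouring declarations are bare as well, so this is consistent with the file, but clear_mem is a security primitive whose purpose is not obvious from its name.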