memory, threading, network hardening

Signed-off-by: Pavel Okhlopkov <pavel.okhlopkov@flant.com>
2026-05-07 17:43:51 +00:00 · 2026-04-06 21:19:37 +03:00 · 2026-04-06 21:19:37 +03:00 · 2e8856bacd
commit 2e8856bacd
parent 312994be83
9 changed files with 135 additions and 24 deletions
--- a/src/auth/auth_handler.cpp
+++ b/src/auth/auth_handler.cpp
@ -68,6 +68,26 @@ void AuthHandler::disconnect() {
        socket->disconnect();
        socket.reset();
    }
+
+    // Scrub sensitive material when tearing down the auth session.
+    if (!password.empty()) {
+        volatile char* p = const_cast<volatile char*>(password.data());
+        for (size_t i = 0; i < password.size(); ++i)
+            p[i] = '\0';
+        password.clear();
+        password.shrink_to_fit();
+    }
+    if (!sessionKey.empty()) {
+        volatile uint8_t* k = const_cast<volatile uint8_t*>(sessionKey.data());
+        for (size_t i = 0; i < sessionKey.size(); ++i)
+            k[i] = 0;
+        sessionKey.clear();
+        sessionKey.shrink_to_fit();
+    }
+    if (srp) {
+        srp->clearCredentials();
+    }
+
    setState(AuthState::DISCONNECTED);
    LOG_INFO("Disconnected from auth server");
 }
@ -354,6 +374,16 @@ void AuthHandler::handleLogonProofResponse(network::Packet& packet) {
    sessionKey = srp->getSessionKey();
    setState(AuthState::AUTHENTICATED);

+    // Plaintext password is no longer needed — zero-fill and release it so it
+    // doesn't sit in process memory for the rest of the session.
+    if (!password.empty()) {
+        volatile char* p = const_cast<volatile char*>(password.data());
+        for (size_t i = 0; i < password.size(); ++i)
+            p[i] = '\0';
+        password.clear();
+        password.shrink_to_fit();
+    }
+
    LOG_INFO("========================================");
    LOG_INFO("   AUTHENTICATION SUCCESSFUL!");
    LOG_INFO("========================================");
--- a/src/auth/srp.cpp
+++ b/src/auth/srp.cpp
@ -96,6 +96,10 @@ void SRP::feed(const std::vector<uint8_t>& B_bytes,
    // 5. Compute proofs (M1, M2)
    computeProofs(stored_username);

+    // Credentials are no longer needed — zero and release them so they don't
+    // linger in process memory longer than necessary.
+    clearCredentials();
+
    // Log key values for debugging auth issues
    auto hexStr = [](const std::vector<uint8_t>& v, size_t maxBytes = 8) -> std::string {
        std::ostringstream ss;
@ -314,5 +318,26 @@ std::vector<uint8_t> SRP::getSessionKey() const {
    return K;
 }

+void SRP::clearCredentials() {
+    // Overwrite plaintext password bytes before releasing storage so that a
+    // heap dump / core file doesn't leak the user's credentials.  This is
+    // not a guarantee against a privileged attacker with live memory access,
+    // but it removes the most common exposure vector.
+    if (!stored_password.empty()) {
+        volatile char* p = const_cast<volatile char*>(stored_password.data());
+        for (size_t i = 0; i < stored_password.size(); ++i)
+            p[i] = '\0';
+        stored_password.clear();
+        stored_password.shrink_to_fit();
+    }
+    if (!stored_auth_hash.empty()) {
+        volatile uint8_t* h = const_cast<volatile uint8_t*>(stored_auth_hash.data());
+        for (size_t i = 0; i < stored_auth_hash.size(); ++i)
+            h[i] = 0;
+        stored_auth_hash.clear();
+        stored_auth_hash.shrink_to_fit();
+    }
+}
+
 } // namespace auth
 } // namespace wowee