From 401b1140a7832a40207a09655233ce54d50ba4e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Wed, 15 Jan 2025 12:17:57 +0100 Subject: [PATCH] crypt: Zeroize and initialize (re)allocated memory in crypt_ra. Also consolidate the (re)allocation logic. --- lib/crypt.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/lib/crypt.c b/lib/crypt.c index 6e5aab02..c186f013 100644 --- a/lib/crypt.c +++ b/lib/crypt.c @@ -207,20 +207,23 @@ SYMVER_crypt_rn; char * crypt_ra (const char *phrase, const char *setting, void **data, int *size) { - if (!*data) - { - *data = malloc (sizeof (struct crypt_data)); - if (!*data) - return 0; - *size = sizeof (struct crypt_data); - } - if (*size < 0 || (size_t)*size < sizeof (struct crypt_data)) + if (!*data || *size < 0 || (size_t) *size < sizeof (struct crypt_data)) { + /* realloc gives us no way to zeroize the previous data, + if it happens to relocate it to a new memory address. + So let's do it right away. */ + if (*data && *size > 0) + explicit_bzero (*data, (size_t) *size); + + /* realloc called with *data == NULL is the same as a call + to malloc with the identical size parameter. */ void *rdata = realloc (*data, sizeof (struct crypt_data)); if (!rdata) return 0; + *data = rdata; *size = sizeof (struct crypt_data); + explicit_bzero (*data, (size_t) *size); } struct crypt_data *p = *data;
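Review bot: The new pre-realloc wipe guarded by `if (*data && *size > 0)` writes `*size` bytes through `*data`, so it depends on the caller's `*size` never exceeding the real allocation. Before this change, a stale or mismatched `*size` below `sizeof (struct crypt_data)` only ever led to `realloc`, which does not use it. A caller that hands in a live pointer with a positive `*size` that overstates the buffer would now get a heap write past its end. The contract deserves a comment at that guard, for example `/* *size must not exceed the allocation behind *data: exactly *size bytes are wiped here. */`, and ideally a matching sentence in the crypt_ra documentation. The same comment could note that when `realloc` fails the function returns 0 with `*data` and `*size` unchanged but the old buffer already zeroed; the body of crypt_ra continues past the end of this hunk.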