From 83373292f00f92ca69f0a1078bc445d04780efd1 Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Fri, 24 Apr 2026 17:01:43 +0200
Subject: [PATCH] security: clear RAOP auth nonce and realm before freeing Information Disclosure: Low The RAOP module's connection cleanup frees the Digest authentication nonce and realm strings without clearing them first. The nonce is cryptographic material used in the Digest auth response, and the realm is combined with the password to produce the h1 hash. After free(), this data persists in heap memory and could be recovered through memory disclosure vulnerabilities or core dumps. Apply explicit_bzero before freeing, consistent with the existing treatment of impl->password in the module destroy path.
Co-Authored-By: Claude Opus 4.6
---
 src/modules/module-raop-sink.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/modules/module-raop-sink.c b/src/modules/module-raop-sink.c
index a6d579957..252bf694a 100644
--- a/src/modules/module-raop-sink.c
+++ b/src/modules/module-raop-sink.c
@@ -1439,10 +1439,16 @@ static void connection_cleanup(struct impl *impl)
 free(impl->auth_method);
 impl->auth_method = NULL;
- free(impl->realm);
- impl->realm = NULL;
- free(impl->nonce);
- impl->nonce = NULL;
+ if (impl->realm) {
+ explicit_bzero(impl->realm, strlen(impl->realm));
+ free(impl->realm);
+ impl->realm = NULL;
+ }
+ if (impl->nonce) {
+ explicit_bzero(impl->nonce, strlen(impl->nonce));
+ free(impl->nonce);
+ impl->nonce = NULL;
+ }
 }
 static void rtsp_disconnected(void *data)
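Review bot: The two added blocks in connection_cleanup() repeat the same wipe-then-free sequence, and the hunk covers only this one path; connection_cleanup() begins above the hunk, and any other site that releases or replaces impl->realm or impl->nonce with a plain free() (none is visible here) would still leave the old bytes in the heap. A small static helper taking `char **` would keep the pattern in one place and could also serve the impl->password path the description mentions. In Digest authentication the realm and nonce are sent by the server in its challenge, so the values most worth wiping are the password and any buffers holding derived hashes; it is worth confirming those are cleared too. strlen() wipes only up to the terminating NUL, which is sufficient if these strings come from strdup-style allocations.

```c
/* Wipe a heap string before releasing it and reset the owner's pointer. */
static void clear_and_free_string(char **str)
{
	if (*str == NULL)
		return;
	explicit_bzero(*str, strlen(*str));
	free(*str);
	*str = NULL;
}

/* … unchanged: auth_method release in connection_cleanup … */
	clear_and_free_string(&impl->realm);
	clear_and_free_string(&impl->nonce);
```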