feat(misc): add burn_free function and BURN_FREE macro for secure memory deallocation

Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

include/libssh/callbacks.h

@@ -113,6 +113,17 @@ typedef void (*ssh_status_callback) (ssh_session session, float status,
 typedef void (*ssh_global_request_callback) (ssh_session session,
                                         ssh_message message, void *userdata);
 
+/**
+ * @brief SSH connect status callback. These are functions that report the
+ * status of the connection i,e. a function indicating the completed percentage
+ * of the connection
+ * steps.
+ * @param userdata Userdata to be passed to the callback function.
+ * @param status Percentage of connection status, going from 0.0 to 1.0
+ * once connection is done.
+ */
+typedef void (*ssh_connect_status_callback)(void *userdata, float status);
+
 /**
  * @brief Handles an SSH new channel open X11 request. This happens when the server
  * sends back an X11 connection attempt. This is a client-side API
@@ -181,7 +192,7 @@ struct ssh_callbacks_struct {
    * This function gets called during connection time to indicate the
    * percentage of connection steps completed.
    */
-  void (*connect_status_function)(void *userdata, float status);
+  ssh_connect_status_callback connect_status_function;
   /**
    * This function will be called each time a global request is received.
    */

include/libssh/priv.h

@@ -369,6 +369,17 @@ int ssh_connector_remove_event(ssh_connector connector);
 void explicit_bzero(void *s, size_t n);
 #endif /* !HAVE_EXPLICIT_BZERO */
 
+void burn_free(void *ptr, size_t len);
+
+/** Free memory space after zeroing it */
+#define BURN_FREE(x, len)          \
+    do {                           \
+        if ((x) != NULL) {         \
+            burn_free((x), (len)); \
+            (x) = NULL;            \
+        }                          \
+    } while (0)
+
 /**
  * This is a hack to fix warnings. The idea is to use this everywhere that we
  * get the "discarding const" warning by the compiler. That doesn't actually

src/misc.c

@@ -1619,6 +1619,27 @@ void explicit_bzero(void *s, size_t n)
 }
 #endif /* !HAVE_EXPLICIT_BZERO */
 
+/**
+ * @brief Securely free memory by overwriting it before deallocation
+ *
+ * Overwrites the memory region with zeros before calling free() to prevent
+ * sensitive data from remaining in memory after deallocation.
+ *
+ * @param[in] ptr Pointer to the memory region to securely free.
+ *                Can be NULL (no operation performed).
+ * @param[in] len Length of the memory region in bytes.
+ *
+ */
+void burn_free(void *ptr, size_t len)
+{
+    if (ptr == NULL || len == 0) {
+        return;
+    }
+
+    explicit_bzero(ptr, len);
+    free(ptr);
+}
+
 #if !defined(HAVE_STRNDUP)
 char *strndup(const char *s, size_t n)
 {

src/pki.c

@@ -3221,12 +3221,6 @@ int sshsig_verify(const void *data,
         SSH_LOG(SSH_LOG_TRACE, "Signature verification failed");
         goto cleanup;
     }
-    if (strlen(sig_namespace) == 0) {
-        SSH_LOG(SSH_LOG_TRACE,
-                "Invalid parameters provided to sshsig_verify: empty namespace "
-                "string");
-        return SSH_ERROR;
-    }
 
     if (sign_key != NULL) {
         *sign_key = key;

src/session.c

@@ -26,6 +26,10 @@
 #include <string.h>
 #include <stdlib.h>
 
+#ifdef _WIN32
+#include <winsock2.h>
+#endif
+
 #include "libssh/priv.h"
 #include "libssh/libssh.h"
 #include "libssh/crypto.h"
@@ -409,10 +413,10 @@ const char* ssh_get_clientbanner(ssh_session session) {
  * @return Returns the server banner string or NULL.
  */
 const char* ssh_get_serverbanner(ssh_session session) {
-	if(!session) {
-		return NULL;
-	}
-	return session->serverbanner;
+    if (!session) {
+        return NULL;
+    }
+    return session->serverbanner;
 }
 
 /**
@@ -942,16 +946,41 @@ int ssh_get_version(ssh_session session) {
  * @param user is a pointer to session
  */
 void ssh_socket_exception_callback(int code, int errno_code, void *user){
-    ssh_session session=(ssh_session)user;
+    ssh_session session = (ssh_session)user;
 
-    SSH_LOG(SSH_LOG_RARE,"Socket exception callback: %d (%d)",code, errno_code);
+    SSH_LOG(SSH_LOG_RARE,
+            "Socket exception callback: %d (%d)",
+            code,
+            errno_code);
     session->session_state = SSH_SESSION_STATE_ERROR;
     if (errno_code == 0 && code == SSH_SOCKET_EXCEPTION_EOF) {
         ssh_set_error(session, SSH_FATAL, "Socket error: disconnected");
+#ifdef _WIN32
+    } else if (errno_code == WSAENETDOWN) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: network down");
+    } else if (errno_code == WSAENETUNREACH) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: network unreachable");
+    } else if (errno_code == WSAENETRESET) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: network reset");
+    } else if (errno_code == WSAECONNABORTED) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: connection aborted");
+    } else if (errno_code == WSAECONNRESET) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Socket error: connection reset by peer");
+    } else if (errno_code == WSAETIMEDOUT) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: connection timed out");
+    } else if (errno_code == WSAECONNREFUSED) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: connection refused");
+    } else if (errno_code == WSAEHOSTUNREACH) {
+        ssh_set_error(session, SSH_FATAL, "Socket error: host unreachable");
+#endif
     } else {
         char err_msg[SSH_ERRNO_MSG_MAX] = {0};
-        ssh_set_error(session, SSH_FATAL, "Socket error: %s",
-                ssh_strerror(errno_code, err_msg, SSH_ERRNO_MSG_MAX));
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Socket error: %s",
+                      ssh_strerror(errno_code, err_msg, SSH_ERRNO_MSG_MAX));
     }
 
     session->ssh_connection_callback(session);