diff options
author | Werner Koch <wk@gnupg.org> | 2016-12-07 16:59:57 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2016-12-07 16:59:57 +0100 |
commit | b6870cf25c0b1eb9c127a94af8326c446421a472 (patch) | |
tree | 366a59ceb21782b6974d36e5f038d2e5a6f7e951 /src/stdmem.c | |
parent | b7df907dca4d525f8930c533b763ffce44ceed87 (diff) | |
download | libgcrypt-b6870cf25c0b1eb9c127a94af8326c446421a472.tar.gz |
Implement overflow secmem pools for xmalloc style allocators.
* src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and
cur_blocks.
(cur_alloced, cur_blocks): Remove vars.
(ptr_into_pool_p): Make it inline.
(stats_update): Add arg pool and update the new pool specific
counters.
(_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow
pools as needed.
(_gcry_secmem_malloc): Pass XHINTS along.
(_gcry_secmem_realloc_internal): Ditto.
(_gcry_secmem_realloc): Ditto.
(_gcry_secmem_free_internal): Take multiple pools in account. Add
return value to indicate whether the arg was freed.
(_gcry_secmem_free): Add return value to indicate whether the arg was
freed.
(_gcry_private_is_secure): Take multiple pools in account.
(_gcry_secmem_term): Release all pools.
(_gcry_secmem_dump_stats): Print stats for all pools.
* src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure
test with a direct call of _gcry_secmem_free to avoid double checking.
--
This patch avoids process termination due to an out-of-secure-memory
condition in the MPI subsystem. We consider it more important to have
reliable MPI computations than process termination due the need for
memory which is protected against being swapped out. Using encrypted
swap is anyway a more reliable protection than those mlock'ed pages.
Note also that mlock'ed pages won't help against hibernation.
GnuPG-bug-id: 2857
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'src/stdmem.c')
-rw-r--r-- | src/stdmem.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/stdmem.c b/src/stdmem.c index cf937ffb..cbda8d89 100644 --- a/src/stdmem.c +++ b/src/stdmem.c @@ -230,15 +230,13 @@ _gcry_private_free (void *a) if (use_m_guard ) { _gcry_private_check_heap(p); - if ( _gcry_private_is_secure(a) ) - _gcry_secmem_free(p-EXTRA_ALIGN-4); - else + if (! _gcry_secmem_free (p - EXTRA_ALIGN - 4)) { - free(p-EXTRA_ALIGN-4); + free (p - EXTRA_ALIGN - 4); } } - else if ( _gcry_private_is_secure(a) ) - _gcry_secmem_free(p); - else - free(p); + else if (!_gcry_secmem_free (p)) + { + free(p); + } } |