author | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-10 09:44:41 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-02-10 09:44:41 +0900 |
commit | f98ca6aa34ccdbbaf94f93ae30beafe400303c97 (patch) | |
tree | 1e4c6b251a57545c5e3b06425332a23d72de255d /src | |
parent | 90f41a1898e421c04080d35d7fea98ee18e74865 (diff) | |
Remove the built-in memory guard support.
* configure.ac (--enable-m-guard): Remove.
* src/global.c (_gcry_vcontrol): Return GPG_ERR_NOT_SUPPORTED for
GCRYCTL_ENABLE_M_GUARD.
* src/stdmem.c (use_m_guard, _gcry_private_enable_m_guard): Remove.
(_gcry_private_malloc): Remove the code path with use_m_guard==1.
(_gcry_private_malloc_secure): Likewise.
(_gcry_private_realloc, _gcry_private_free): Likewise.
(_gcry_private_check_heap): Remove.
* src/stdmem.h: Remove declarations for memory guard functions.
--
GnuPG-bug-id: T5822
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/global.c | 4 | ||||
-rw-r--r-- | src/stdmem.c | 123 | ||||
-rw-r--r-- | src/stdmem.h | 3 |
3 files changed, 6 insertions, 124 deletions
diff --git a/src/global.c b/src/global.c index 7cf40e4a..956043c4 100644 --- a/src/global.c +++ b/src/global.c @@ -523,7 +523,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) switch (cmd) { case GCRYCTL_ENABLE_M_GUARD: - _gcry_private_enable_m_guard (); + rc = GPG_ERR_NOT_SUPPORTED; break; case GCRYCTL_ENABLE_QUICK_RANDOM: @@ -1043,8 +1043,6 @@ _gcry_check_heap( const void *a ) #if 0 if( some_handler ) some_handler(a) - else - _gcry_private_check_heap(a) #endif } diff --git a/src/stdmem.c b/src/stdmem.c index f657ddcc..d0ebef0c 100644 --- a/src/stdmem.c +++ b/src/stdmem.c @@ -57,32 +57,6 @@ -#define MAGIC_NOR_BYTE 0x55 -#define MAGIC_SEC_BYTE 0xcc -#define MAGIC_END_BYTE 0xaa - -#ifdef ALIGNOF_LONG_DOUBLE -#define EXTRA_ALIGN (ALIGNOF_LONG_DOUBLE-4) -#elif SIZEOF_UNSIGNED_LONG == 8 -#define EXTRA_ALIGN 4 -#else -#define EXTRA_ALIGN 0 -#endif - - -static int use_m_guard = 0; - -/**************** - * Warning: Never use this function after any of the functions - * here have been used. - */ -void -_gcry_private_enable_m_guard (void) -{ - use_m_guard = 1; -} - - /* * Allocate memory of size n. * Return NULL if we are out of memory. @@ -97,23 +71,7 @@ _gcry_private_malloc (size_t n) an error to detect such coding errors. */ } - if (use_m_guard) - { - char *p; - - if ( !(p = malloc (n + EXTRA_ALIGN+5)) ) - return NULL; - ((byte*)p)[EXTRA_ALIGN+0] = n; - ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; - ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; - ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE; - p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; - return p+EXTRA_ALIGN+4; - } - else - { - return malloc( n ); - } + return malloc( n ); } 
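Review bot: Callers that pass GCRYCTL_ENABLE_M_GUARD and treat a non-zero return as fatal will now fail, because this case in `_gcry_vcontrol` used to succeed silently and now sets `rc = GPG_ERR_NOT_SUPPORTED`. Reporting the error is the safer choice, since a silent success would let an application believe heap-corruption checks are active when they are not, but the case deserves a comment saying so, e.g. `/* The built-in memory guard was removed; report that rather than pretend it is enabled. */`. The user-facing documentation for this control command is not visible here (the diffstat is limited to src) and presumably needs the same note. The switch statement continues outside the hunk.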
@@ -132,23 +90,7 @@ _gcry_private_malloc_secure (size_t n, int xhint) error to detect such coding errors. */ } - if (use_m_guard) - { - char *p; - - if (!(p = _gcry_secmem_malloc (n + EXTRA_ALIGN + 5, xhint))) - return NULL; - ((byte*)p)[EXTRA_ALIGN+0] = n; - ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; - ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; - ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE; - p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE; - return p+EXTRA_ALIGN+4; - } - else - { - return _gcry_secmem_malloc (n, xhint); - } + return _gcry_secmem_malloc (n, xhint); } @@ -160,33 +102,7 @@ _gcry_private_malloc_secure (size_t n, int xhint) void * _gcry_private_realloc (void *a, size_t n, int xhint) { - if (use_m_guard) - { - unsigned char *p = a; - char *b; - size_t len; - - if (!a) - return _gcry_private_malloc(n); - - _gcry_private_check_heap(p); - len = p[-4]; - len |= p[-3] << 8; - len |= p[-2] << 16; - if( len >= n ) /* We don't shrink for now. */ - return a; - if (p[-1] == MAGIC_SEC_BYTE) - b = _gcry_private_malloc_secure (n, xhint); - else - b = _gcry_private_malloc(n); - if (!b) - return NULL; - memcpy (b, a, len); - memset (b+len, 0, n-len); - _gcry_private_free (p); - return b; - } - else if ( _gcry_private_is_secure(a) ) + if ( _gcry_private_is_secure(a) ) { return _gcry_secmem_realloc (a, n, xhint); } @@ -197,28 +113,6 @@ _gcry_private_realloc (void *a, size_t n, int xhint) } -void -_gcry_private_check_heap (const void *a) -{ - if (use_m_guard) - { - const byte *p = a; - size_t len; - - if (!p) - return; - - if ( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) ) - _gcry_log_fatal ("memory at %p corrupted (underflow=%02x)\n", p, p[-1]); - len = p[-4]; - len |= p[-3] << 8; - len |= p[-2] << 16; - if ( p[len] != MAGIC_END_BYTE ) - _gcry_log_fatal ("memory at %p corrupted (overflow=%02x)\n", p, p[-1]); - } -} - - /* * Free a memory block allocated by this or the secmem module */ 
@@ -230,15 +124,8 @@ _gcry_private_free (void *a) if (!p) return; - if (use_m_guard) - { - _gcry_private_check_heap (p); - freep = p - EXTRA_ALIGN - 4; - } - else - { - freep = p; - } + + freep = p; if (!_gcry_private_is_secure (freep) || !_gcry_secmem_free (freep)) diff --git a/src/stdmem.h b/src/stdmem.h index c52aab54..ba885005 100644 --- a/src/stdmem.h +++ b/src/stdmem.h @@ -21,12 +21,9 @@ #ifndef G10_STDMEM_H #define G10_STDMEM_H 1 -void _gcry_private_enable_m_guard(void); - void *_gcry_private_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC; void *_gcry_private_malloc_secure (size_t n, int xhint) _GCRY_GCC_ATTR_MALLOC; void *_gcry_private_realloc (void *a, size_t n, int xhint); -void _gcry_private_check_heap (const void *a); void _gcry_private_free (void *a); #endif /* G10_STDMEM_H */ |
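Review bot: After this change `freep` in `_gcry_private_free` is only ever a copy of `p`, so the extra variable and the added `freep = p;` assignment no longer carry any meaning; the offset it used to hold existed only to step back over the guard header. The check could take `p` directly, `if (!_gcry_private_is_secure (p) || !_gcry_secmem_free (p))`, and the declaration of `freep` could be dropped. The function starts and ends outside the hunk, so the declaration and the final free call are not visible here and would need the same substitution.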