author | Werner Koch <wk@gnupg.org> | 2019-01-04 13:13:53 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2019-01-04 13:13:53 +0100 |
commit | 933bfd7b652a907c0d8dd5337c6b5b9cb82ce7b7 (patch) | |
tree | 2c3d78726642c6ccad34296082d5c85e3189a51c /src/estream.c | |
parent | 12349de46d241cfbadbdf99773d6cabfcbc97578 (diff) | |
core: New functions gpgrt_abort and gpgrt_add_emergency_cleanup.
* src/init.c (emergency_cleanup_list): New global var.
(_gpgrt_add_emergency_cleanup): New.
(_gpgrt_abort): New. Replace all calls to abort by this. Also replace
all assert by either log_assert or a stderr output followed by a
_gpgrt_abort.
(run_emergency_cleanup): New.
* src/visibility.c (gpgrt_add_emergency_cleanup): New public API.
(gpgrt_abort): New public API.
--
Libgcrypt uses its own assert function which makes sure to terminate
the secure memory. This is safe as long as an assert is triggered
internally in Libgcrypt. GnuPG runs emergency cleanup handlers right
before log_fatal etc to tell Libgcrypt to terminate the secure memory.
With the move of the logging function to gpgrt in gnupg 2.3 this did
not work anymore. Thus we now provide a mechanism in gpgrt to do just
that. Eventually Libgcrypt can also make use of this.
What this does not handle are calls to abort or failed asserts in
external libraries or in libc. We can't do anything about it in a
library because a library may not setup signal handlers.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'src/estream.c')
-rw-r--r-- | src/estream.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/src/estream.c b/src/estream.c
index 3645dfe..8b7ccc5 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -84,7 +84,6 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <stddef.h>
-#include <assert.h>
 #ifdef HAVE_W32_SYSTEM
 # ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
@@ -653,7 +652,7 @@ func_mem_write (void *cookie, const void *buffer, size_t size)
 mem_cookie->offset = mem_cookie->data_len;
 }
- assert (mem_cookie->memory_size >= mem_cookie->offset);
+ gpgrt_assert (mem_cookie->memory_size >= mem_cookie->offset);
 nleft = mem_cookie->memory_size - mem_cookie->offset;
 /* If we are not allowed to grow the buffer, limit the size to the
@@ -698,7 +697,7 @@ func_mem_write (void *cookie, const void *buffer, size_t size)
 return -1;
 }
- assert (mem_cookie->func_realloc);
+ gpgrt_assert (mem_cookie->func_realloc);
 newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
 if (!newbuf)
 return -1;
@@ -706,10 +705,10 @@ func_mem_write (void *cookie, const void *buffer, size_t size)
 mem_cookie->memory = newbuf;
 mem_cookie->memory_size = newsize;
- assert (mem_cookie->memory_size >= mem_cookie->offset);
+ gpgrt_assert (mem_cookie->memory_size >= mem_cookie->offset);
 nleft = mem_cookie->memory_size - mem_cookie->offset;
- assert (size <= nleft);
+ gpgrt_assert (size <= nleft);
 }
 memcpy (mem_cookie->memory + mem_cookie->offset, buffer, size);
@@ -776,7 +775,7 @@ func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence)
 return -1;
 }
- assert (mem_cookie->func_realloc);
+ gpgrt_assert (mem_cookie->func_realloc);
 newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
 if (!newbuf)
 return -1;
@@ -1885,7 +1884,7 @@ flush_stream (estream_t stream)
 gpgrt_cookie_write_function_t func_write = stream->intern->func_write;
 int err;
- assert (stream->flags.writing);
+ gpgrt_assert (stream->flags.writing);
 if (stream->data_offset)
 {
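Review bot: The `gpgrt_assert (size <= nleft)` in the -706 hunk is the last check before `memcpy (mem_cookie->memory + mem_cookie->offset, buffer, size)`, so its semantics matter: a plain `assert` would vanish under NDEBUG and let the copy overrun the cookie buffer, whereas the commit message indicates the replacement ends in `_gpgrt_abort`. Assuming gpgrt_assert is never compiled out (its definition is not visible here), I'd record that intent next to the check so nobody later "optimizes" it back: `/* Hard check, not compiled out: the memcpy below must never overrun the cookie buffer.  */`. The same note applies to the two `memory_size >= offset` checks in the -653 and -706 hunks. func_mem_write starts and ends outside these hunks.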
@@ -1966,7 +1965,7 @@ flush_stream (estream_t stream)
 static void
 es_empty (estream_t stream)
 {
- assert (!stream->flags.writing);
+ gpgrt_assert (!stream->flags.writing);
 stream->data_len = 0;
 stream->data_offset = 0;
 stream->unread_data_len = 0;
@@ -3556,7 +3555,7 @@ _gpgrt__get_std_stream (int fd)
 {
 fprintf (stderr, "fatal: error creating a dummy estream" " for %d: %s\n", fd, strerror (errno));
- abort();
+ _gpgrt_abort();
 }
 }
|