From dafa386080bf73269d65a238868235dddef47c63 Mon Sep 17 00:00:00 2001 From: gusi Date: Sun, 10 Nov 2013 19:19:22 +0000 Subject: Bring in some patches from OpenBSD [1]. Those fix a problem accessing the gnome keyring, which caused gnome-shell to crash and respawn. Tested by: rut on #freebsd-gnone, gusi Reviewed by: kwm, gusi [1] thanks to ajacoutot (ajacoutot@openbsd.org) on #freebsd-gnome git-svn-id: svn://creme-brulee.marcuscom.com/ports/trunk@18875 df743ca5-7f9a-e211-a948-0013205c9059 --- security/gcr/files/patch-egg_egg-secure-memory.c | 959 +++++++++++++++++++++++ security/gcr/files/patch-egg_egg-secure-memory.h | 75 ++ 2 files changed, 1034 insertions(+) create mode 100644 security/gcr/files/patch-egg_egg-secure-memory.c create mode 100644 security/gcr/files/patch-egg_egg-secure-memory.h (limited to 'security/gcr') diff --git a/security/gcr/files/patch-egg_egg-secure-memory.c b/security/gcr/files/patch-egg_egg-secure-memory.c new file mode 100644 index 000000000..1f64ec729 --- /dev/null +++ b/security/gcr/files/patch-egg_egg-secure-memory.c @@ -0,0 +1,959 @@ +--- egg/egg-secure-memory.c.orig Wed Sep 19 11:01:27 2012 ++++ egg/egg-secure-memory.c Sat Oct 27 14:41:49 2012 +@@ -22,8 +22,8 @@ + */ + + /* +- * IMPORTANT: This is pure vanila standard C, no glib. We need this +- * because certain consumers of this protocol need to be built ++ * IMPORTANT: This is pure vanila standard C, no glib. We need this ++ * because certain consumers of this protocol need to be built + * without linking in any special libraries. ie: the PKCS#11 module. + */ + +@@ -48,8 +48,8 @@ + + #define DEBUG_SECURE_MEMORY 0 + +-#if DEBUG_SECURE_MEMORY +-#define DEBUG_ALLOC(msg, n) fprintf(stderr, "%s %lu bytes\n", msg, n); ++#if DEBUG_SECURE_MEMORY ++#define DEBUG_ALLOC(msg, n) fprintf(stderr, "%s %lu bytes\n", msg, n); + #else + #define DEBUG_ALLOC(msg, n) + #endif +@@ -59,8 +59,8 @@ + /* Use our own assert to guarantee no glib allocations */ + #ifndef ASSERT + #ifdef G_DISABLE_ASSERT +-#define ASSERT(x) +-#else ++#define ASSERT(x) ++#else + #define ASSERT(x) assert(x) + #endif + #endif +@@ -74,18 +74,18 @@ + static int show_warning = 1; + int egg_secure_warnings = 1; + +-/* +- * We allocate all memory in units of sizeof(void*). This ++/* ++ * We allocate all memory in units of sizeof(void*). This + * is our definition of 'word'. + */ + typedef void* word_t; + +-/* The amount of extra words we can allocate */ ++/* The amount of extra words we can allocate */ + #define WASTE 4 + +-/* +- * Track allocated memory or a free block. This structure is not stored +- * in the secure memory area. It is allocated from a pool of other ++/* ++ * Track allocated memory or a free block. This structure is not stored ++ * in the secure memory area. It is allocated from a pool of other + * memory. See meta_pool_xxx (). + */ + typedef struct _Cell { +@@ -97,7 +97,7 @@ typedef struct _Cell { + struct _Cell *prev; /* Previous in memory ring */ + } Cell; + +-/* ++/* + * A block of secure memory. This structure is the header in that block. + */ + typedef struct _Block { +@@ -130,20 +130,20 @@ unused_pop (void **stack) + ptr = *stack; + *stack = *(void**)ptr; + return ptr; +- ++ + } + + static inline void* + unused_peek (void **stack) + { + ASSERT (stack); +- return *stack; ++ return *stack; + } + + /* ----------------------------------------------------------------------------- + * POOL META DATA ALLOCATION +- * +- * A pool for memory meta data. We allocate fixed size blocks. There are actually ++ * ++ * A pool for memory meta data. We allocate fixed size blocks. There are actually + * two different structures stored in this pool: Cell and Block. Cell is allocated + * way more often, and is bigger so we just allocate that size for both. + */ +@@ -185,7 +185,7 @@ pool_alloc (void) + if (unused_peek (&pool->unused)) + break; + } +- ++ + /* Create a new pool */ + if (pool == NULL) { + len = getpagesize () * 2; +@@ -205,7 +205,7 @@ pool_alloc (void) + pool->n_items = (len - sizeof (Pool)) / sizeof (Item); + for (i = 0; i < pool->n_items; ++i) + unused_push (&pool->unused, pool->items + i); +- ++ + #ifdef WITH_VALGRIND + VALGRIND_CREATE_MEMPOOL(pool, 0, 0); + #endif +@@ -227,9 +227,9 @@ pool_free (void* item) + { + Pool *pool, **at; + char *ptr, *beg, *end; +- ++ + ptr = item; +- ++ + /* Find which block this one belongs to */ + for (at = (Pool **)&EGG_SECURE_GLOBALS.pool_data, pool = *at; + pool != NULL; at = &pool->next, pool = *at) { +@@ -275,17 +275,17 @@ pool_valid (void* item) + { + Pool *pool; + char *ptr, *beg, *end; +- ++ + ptr = item; +- ++ + /* Find which block this one belongs to */ + for (pool = EGG_SECURE_GLOBALS.pool_data; pool; pool = pool->next) { + beg = (char*)pool->items; + end = (char*)pool + pool->length - sizeof (Item); +- if (ptr >= beg && ptr <= end) ++ if (ptr >= beg && ptr <= end) + return (pool->used && (ptr - beg) % sizeof (Item) == 0); + } +- ++ + return 0; + } + +@@ -293,9 +293,9 @@ pool_valid (void* item) + + /* ----------------------------------------------------------------------------- + * SEC ALLOCATION +- * ++ * + * Each memory cell begins and ends with a pointer to its metadata. These are also +- * used as guards or red zones. Since they're treated as redzones by valgrind we ++ * used as guards or red zones. Since they're treated as redzones by valgrind we + * have to jump through a few hoops before reading and/or writing them. + */ + +@@ -315,11 +315,11 @@ sec_write_guards (Cell *cell) + + ((void**)cell->words)[0] = (void*)cell; + ((void**)cell->words)[cell->n_words - 1] = (void*)cell; +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_NOACCESS (cell->words, sizeof (word_t)); + VALGRIND_MAKE_MEM_NOACCESS (cell->words + cell->n_words - 1, sizeof (word_t)); +-#endif ++#endif + } + + static inline void +@@ -327,16 +327,16 @@ sec_check_guards (Cell *cell) + { + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_DEFINED (cell->words, sizeof (word_t)); +- VALGRIND_MAKE_MEM_DEFINED (cell->words + cell->n_words - 1, sizeof (word_t)); +-#endif +- ++ VALGRIND_MAKE_MEM_DEFINED (cell->words + cell->n_words - 1, sizeof (word_t)); ++#endif ++ + ASSERT(((void**)cell->words)[0] == (void*)cell); + ASSERT(((void**)cell->words)[cell->n_words - 1] == (void*)cell); +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_NOACCESS (cell->words, sizeof (word_t)); + VALGRIND_MAKE_MEM_NOACCESS (cell->words + cell->n_words - 1, sizeof (word_t)); +-#endif ++#endif + } + + static void +@@ -347,9 +347,9 @@ sec_insert_cell_ring (Cell **ring, Cell *cell) + ASSERT (cell != *ring); + ASSERT (cell->next == NULL); + ASSERT (cell->prev == NULL); +- +- /* Insert back into the mix of available memory */ +- if (*ring) { ++ ++ /* Insert back into the mix of available memory */ ++ if (*ring) { + cell->next = (*ring)->next; + cell->prev = *ring; + cell->next->prev = cell; +@@ -358,7 +358,7 @@ sec_insert_cell_ring (Cell **ring, Cell *cell) + cell->next = cell; + cell->prev = cell; + } +- ++ + *ring = cell; + ASSERT (cell->next->prev == cell); + ASSERT (cell->prev->next == cell); +@@ -391,7 +391,7 @@ sec_remove_cell_ring (Cell **ring, Cell *cell) + cell->next->prev = cell->prev; + cell->prev->next = cell->next; + cell->next = cell->prev = NULL; +- ++ + ASSERT (*ring != cell); + } + +@@ -440,10 +440,10 @@ static Cell* + sec_neighbor_before (Block *block, Cell *cell) + { + word_t *word; +- ++ + ASSERT (cell); + ASSERT (block); +- ++ + word = cell->words - 1; + if (!sec_is_valid_word (block, word)) + return NULL; +@@ -451,7 +451,7 @@ sec_neighbor_before (Block *block, Cell *cell) + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_DEFINED (word, sizeof (word_t)); + #endif +- ++ + cell = *word; + sec_check_guards (cell); + +@@ -462,14 +462,14 @@ sec_neighbor_before (Block *block, Cell *cell) + return cell; + } + +-static Cell* ++static Cell* + sec_neighbor_after (Block *block, Cell *cell) + { + word_t *word; +- ++ + ASSERT (cell); + ASSERT (block); +- ++ + word = cell->words + cell->n_words; + if (!sec_is_valid_word (block, word)) + return NULL; +@@ -480,7 +480,7 @@ sec_neighbor_after (Block *block, Cell *cell) + + cell = *word; + sec_check_guards (cell); +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_NOACCESS (word, sizeof (word_t)); + #endif +@@ -496,7 +496,7 @@ sec_alloc (Block *block, + Cell *cell, *other; + size_t n_words; + void *memory; +- ++ + ASSERT (block); + ASSERT (length); + ASSERT (tag); +@@ -504,16 +504,16 @@ sec_alloc (Block *block, + if (!block->unused_cells) + return NULL; + +- /* +- * Each memory allocation is aligned to a pointer size, and ++ /* ++ * Each memory allocation is aligned to a pointer size, and + * then, sandwidched between two pointers to its meta data. + * These pointers also act as guards. + * +- * We allocate memory in units of sizeof (void*) ++ * We allocate memory in units of sizeof (void*) + */ +- ++ + n_words = sec_size_to_words (length) + 2; +- ++ + /* Look for a cell of at least our required size */ + cell = block->unused_cells; + while (cell->n_words < n_words) { +@@ -523,7 +523,7 @@ sec_alloc (Block *block, + break; + } + } +- ++ + if (!cell) + return NULL; + +@@ -532,7 +532,7 @@ sec_alloc (Block *block, + ASSERT (cell->prev); + ASSERT (cell->words); + sec_check_guards (cell); +- ++ + /* Steal from the cell if it's too long */ + if (cell->n_words > n_words + WASTE) { + other = pool_alloc (); +@@ -542,13 +542,13 @@ sec_alloc (Block *block, + other->words = cell->words; + cell->n_words -= n_words; + cell->words += n_words; +- ++ + sec_write_guards (other); + sec_write_guards (cell); +- ++ + cell = other; + } +- ++ + if (cell->next) + sec_remove_cell_ring (&block->unused_cells, cell); + +@@ -557,11 +557,11 @@ sec_alloc (Block *block, + cell->requested = length; + sec_insert_cell_ring (&block->used_cells, cell); + memory = sec_cell_to_memory (cell); +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_UNDEFINED (memory, length); + #endif +- ++ + return memset (memory, 0, length); + } + +@@ -570,13 +570,13 @@ sec_free (Block *block, void *memory) + { + Cell *cell, *other; + word_t *word; +- ++ + ASSERT (block); + ASSERT (memory); +- ++ + word = memory; + --word; +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_DEFINED (word, sizeof (word_t)); + #endif +@@ -600,39 +600,39 @@ sec_free (Block *block, void *memory) + /* Remove from the used cell ring */ + sec_remove_cell_ring (&block->used_cells, cell); + +- /* Find previous unallocated neighbor, and merge if possible */ +- other = sec_neighbor_before (block, cell); +- if (other && other->requested == 0) { +- ASSERT (other->tag == NULL); +- ASSERT (other->next && other->prev); +- other->n_words += cell->n_words; +- sec_write_guards (other); +- pool_free (cell); +- cell = other; +- } +- +- /* Find next unallocated neighbor, and merge if possible */ +- other = sec_neighbor_after (block, cell); +- if (other && other->requested == 0) { +- ASSERT (other->tag == NULL); +- ASSERT (other->next && other->prev); +- other->n_words += cell->n_words; +- other->words = cell->words; +- if (cell->next) +- sec_remove_cell_ring (&block->unused_cells, cell); +- sec_write_guards (other); +- pool_free (cell); +- cell = other; +- } ++ /* Find previous unallocated neighbor, and merge if possible */ ++ other = sec_neighbor_before (block, cell); ++ if (other && other->requested == 0) { ++ ASSERT (other->tag == NULL); ++ ASSERT (other->next && other->prev); ++ other->n_words += cell->n_words; ++ sec_write_guards (other); ++ pool_free (cell); ++ cell = other; ++ } + +- /* Add to the unused list if not already there */ +- if (!cell->next) +- sec_insert_cell_ring (&block->unused_cells, cell); ++ /* Find next unallocated neighbor, and merge if possible */ ++ other = sec_neighbor_after (block, cell); ++ if (other && other->requested == 0) { ++ ASSERT (other->tag == NULL); ++ ASSERT (other->next && other->prev); ++ other->n_words += cell->n_words; ++ other->words = cell->words; ++ if (cell->next) ++ sec_remove_cell_ring (&block->unused_cells, cell); ++ sec_write_guards (other); ++ pool_free (cell); ++ cell = other; ++ } + +- cell->tag = NULL; +- cell->requested = 0; +- --block->n_used; +- return NULL; ++ /* Add to the unused list if not already there */ ++ if (!cell->next) ++ sec_insert_cell_ring (&block->unused_cells, cell); ++ ++ cell->tag = NULL; ++ cell->requested = 0; ++ --block->n_used; ++ return NULL; + } + + static void +@@ -683,7 +683,7 @@ sec_realloc (Block *block, + /* Dig out where the meta should be */ + word = memory; + --word; +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_DEFINED (word, sizeof (word_t)); + #endif +@@ -691,7 +691,7 @@ sec_realloc (Block *block, + ASSERT (sec_is_valid_word (block, word)); + ASSERT (pool_valid (*word)); + cell = *word; +- ++ + /* Validate that it's actually for real */ + sec_check_guards (cell); + ASSERT (cell->requested > 0); +@@ -710,17 +710,17 @@ sec_realloc (Block *block, + cell->requested = length; + alloc = sec_cell_to_memory (cell); + +- /* ++ /* + * Even though we may be reusing the same cell, that doesn't + * mean that the allocation is shrinking. It could have shrunk +- * and is now expanding back some. +- */ ++ * and is now expanding back some. ++ */ + if (length < valid) + sec_clear_undefined (alloc, length, valid); + + return alloc; + } +- ++ + /* Need braaaaaiiiiiinsss... */ + while (cell->n_words < n_words) { + +@@ -728,7 +728,7 @@ sec_realloc (Block *block, + other = sec_neighbor_after (block, cell); + if (!other || other->requested != 0) + break; +- ++ + /* Eat the whole neighbor if not too big */ + if (n_words - cell->n_words + WASTE >= other->n_words) { + cell->n_words += other->n_words; +@@ -745,7 +745,7 @@ sec_realloc (Block *block, + sec_write_guards (cell); + } + } +- ++ + if (cell->n_words >= n_words) { + cell->requested = length; + cell->tag = tag; +@@ -760,7 +760,7 @@ sec_realloc (Block *block, + memcpy_with_vbits (alloc, memory, valid); + sec_free (block, memory); + } +- ++ + return alloc; + } + +@@ -770,7 +770,7 @@ sec_allocated (Block *block, void *memory) + { + Cell *cell; + word_t *word; +- ++ + ASSERT (block); + ASSERT (memory); + +@@ -780,12 +780,12 @@ sec_allocated (Block *block, void *memory) + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_DEFINED (word, sizeof (word_t)); + #endif +- ++ + /* Lookup the meta for this memory block (using guard pointer) */ + ASSERT (sec_is_valid_word (block, word)); + ASSERT (pool_valid (*word)); + cell = *word; +- ++ + sec_check_guards (cell); + ASSERT (cell->requested > 0); + ASSERT (cell->tag != NULL); +@@ -817,10 +817,10 @@ sec_validate (Block *block) + ASSERT (sec_is_valid_word (block, word)); + ASSERT (pool_valid (*word)); + cell = *word; +- ++ + /* Validate that it's actually for real */ + sec_check_guards (cell); +- ++ + /* Is it an allocated block? */ + if (cell->requested > 0) { + ASSERT (cell->tag != NULL); +@@ -829,7 +829,7 @@ sec_validate (Block *block) + ASSERT (cell->next->prev == cell); + ASSERT (cell->prev->next == cell); + ASSERT (cell->requested <= (cell->n_words - 2) * sizeof (word_t)); +- ++ + /* An unused block */ + } else { + ASSERT (cell->tag == NULL); +@@ -838,7 +838,7 @@ sec_validate (Block *block) + ASSERT (cell->next->prev == cell); + ASSERT (cell->prev->next == cell); + } +- ++ + word += cell->n_words; + if (word == last) + break; +@@ -855,7 +855,7 @@ sec_acquire_pages (size_t *sz, + { + void *pages; + unsigned long pgsize; +- ++ + ASSERT (sz); + ASSERT (*sz); + ASSERT (during_tag); +@@ -863,7 +863,7 @@ sec_acquire_pages (size_t *sz, + /* Make sure sz is a multiple of the page size */ + pgsize = getpagesize (); + *sz = (*sz + pgsize -1) & ~(pgsize - 1); +- ++ + #if defined(HAVE_MLOCK) + pages = mmap (0, *sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0); + if (pages == MAP_FAILED) { +@@ -873,7 +873,7 @@ sec_acquire_pages (size_t *sz, + show_warning = 0; + return NULL; + } +- ++ + if (mlock (pages, *sz) < 0) { + if (show_warning && egg_secure_warnings && errno != EPERM) { + fprintf (stderr, "couldn't lock %lu bytes of memory (%s): %s\n", +@@ -883,12 +883,12 @@ sec_acquire_pages (size_t *sz, + munmap (pages, *sz); + return NULL; + } +- ++ + DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz); +- ++ + show_warning = 1; + return pages; +- ++ + #else + if (show_warning && egg_secure_warnings) + fprintf (stderr, "your system does not support private memory"); +@@ -898,21 +898,21 @@ sec_acquire_pages (size_t *sz, + + } + +-static void ++static void + sec_release_pages (void *pages, size_t sz) + { + ASSERT (pages); + ASSERT (sz % getpagesize () == 0); +- ++ + #if defined(HAVE_MLOCK) + if (munlock (pages, sz) < 0 && egg_secure_warnings) + fprintf (stderr, "couldn't unlock private memory: %s\n", strerror (errno)); +- ++ + if (munmap (pages, sz) < 0 && egg_secure_warnings) + fprintf (stderr, "couldn't unmap private anonymous memory: %s\n", strerror (errno)); +- ++ + DEBUG_ALLOC ("gkr-secure-memory: freed block ", sz); +- ++ + #else + ASSERT (FALSE); + #endif +@@ -924,7 +924,7 @@ sec_release_pages (void *pages, size_t sz) + + static Block *all_blocks = NULL; + +-static Block* ++static Block* + sec_block_create (size_t size, + const char *during_tag) + { +@@ -950,7 +950,7 @@ sec_block_create (size_t size, + /* The size above is a minimum, we're free to go bigger */ + if (size < DEFAULT_BLOCK_SIZE) + size = DEFAULT_BLOCK_SIZE; +- ++ + block->words = sec_acquire_pages (&size, during_tag); + block->n_words = size / sizeof (word_t); + if (!block->words) { +@@ -958,11 +958,11 @@ sec_block_create (size_t size, + pool_free (cell); + return NULL; + } +- ++ + #ifdef WITH_VALGRIND + VALGRIND_MAKE_MEM_DEFINED (block->words, size); + #endif +- ++ + /* The first cell to allocate from */ + cell->words = block->words; + cell->n_words = block->n_words; +@@ -972,7 +972,7 @@ sec_block_create (size_t size, + + block->next = all_blocks; + all_blocks = block; +- ++ + return block; + } + +@@ -985,7 +985,7 @@ sec_block_destroy (Block *block) + ASSERT (block); + ASSERT (block->words); + ASSERT (block->n_used == 0); +- ++ + /* Remove from the list */ + for (at = &all_blocks, bl = *at; bl; at = &bl->next, bl = *at) { + if (bl == block) { +@@ -993,7 +993,7 @@ sec_block_destroy (Block *block) + break; + } + } +- ++ + /* Must have been found */ + ASSERT (bl == block); + ASSERT (block->used_cells == NULL); +@@ -1004,7 +1004,7 @@ sec_block_destroy (Block *block) + sec_remove_cell_ring (&block->unused_cells, cell); + pool_free (cell); + } +- ++ + /* Release all pages of secure memory */ + sec_release_pages (block->words, block->n_words * sizeof (word_t)); + +@@ -1028,35 +1028,35 @@ egg_secure_alloc_full (const char *tag, + + if (length > 0xFFFFFFFF / 2) { + if (egg_secure_warnings) +- fprintf (stderr, "tried to allocate an insane amount of memory: %lu\n", +- (unsigned long)length); ++ fprintf (stderr, "tried to allocate an insane amount of memory: %lu\n", ++ (unsigned long)length); + return NULL; + } + + /* Can't allocate zero bytes */ + if (length == 0) + return NULL; +- ++ + DO_LOCK (); +- ++ + for (block = all_blocks; block; block = block->next) { + memory = sec_alloc (block, tag, length); + if (memory) +- break; ++ break; + } +- ++ + /* None of the current blocks have space, allocate new */ + if (!memory) { + block = sec_block_create (length, tag); + if (block) + memory = sec_alloc (block, tag, length); + } +- ++ + #ifdef WITH_VALGRIND + if (memory != NULL) + VALGRIND_MALLOCLIKE_BLOCK (memory, length, sizeof (void*), 1); + #endif +- ++ + DO_UNLOCK (); + + if (!memory && (flags & EGG_SECURE_USE_FALLBACK) && EGG_SECURE_GLOBALS.fallback != NULL) { +@@ -1064,10 +1064,10 @@ egg_secure_alloc_full (const char *tag, + if (memory) /* Our returned memory is always zeroed */ + memset (memory, 0, length); + } +- ++ + if (!memory) + errno = ENOMEM; +- ++ + return memory; + } + +@@ -1087,20 +1087,20 @@ egg_secure_realloc_full (const char *tag, + + if (length > 0xFFFFFFFF / 2) { + if (egg_secure_warnings) +- fprintf (stderr, "tried to allocate an insane amount of memory: %lu\n", ++ fprintf (stderr, "tried to allocate an insane amount of memory: %lu\n", + (unsigned long)length); + return NULL; + } +- ++ + if (memory == NULL) + return egg_secure_alloc_full (tag, length, flags); + if (!length) { + egg_secure_free_full (memory, flags); + return NULL; + } +- ++ + DO_LOCK (); +- ++ + /* Find out where it belongs to */ + for (block = all_blocks; block; block = block->next) { + if (sec_is_valid_word (block, memory)) { +@@ -1115,10 +1115,10 @@ egg_secure_realloc_full (const char *tag, + + #ifdef WITH_VALGRIND + /* Now tell valgrind about either the new block or old one */ +- VALGRIND_MALLOCLIKE_BLOCK (alloc ? alloc : memory, +- alloc ? length : previous, ++ VALGRIND_MALLOCLIKE_BLOCK (alloc ? alloc : memory, ++ alloc ? length : previous, + sizeof (word_t), 1); +-#endif ++#endif + break; + } + } +@@ -1129,13 +1129,13 @@ egg_secure_realloc_full (const char *tag, + + if (block && block->n_used == 0) + sec_block_destroy (block); +- +- DO_UNLOCK (); +- ++ ++ DO_UNLOCK (); ++ + if (!block) { + if ((flags & EGG_SECURE_USE_FALLBACK) && EGG_SECURE_GLOBALS.fallback) { +- /* +- * In this case we can't zero the returned memory, ++ /* ++ * In this case we can't zero the returned memory, + * because we don't know what the block size was. + */ + return EGG_SECURE_GLOBALS.fallback (memory, length); +@@ -1155,7 +1155,7 @@ egg_secure_realloc_full (const char *tag, + egg_secure_free_full (memory, flags); + } + } +- ++ + if (!alloc) + errno = ENOMEM; + +@@ -1172,12 +1172,12 @@ void + egg_secure_free_full (void *memory, int flags) + { + Block *block = NULL; +- ++ + if (memory == NULL) + return; +- ++ + DO_LOCK (); +- ++ + /* Find out where it belongs to */ + for (block = all_blocks; block; block = block->next) { + if (sec_is_valid_word (block, memory)) +@@ -1195,9 +1195,9 @@ egg_secure_free_full (void *memory, int flags) + if (block->n_used == 0) + sec_block_destroy (block); + } +- ++ + DO_UNLOCK (); +- ++ + if (!block) { + if ((flags & EGG_SECURE_USE_FALLBACK) && EGG_SECURE_GLOBALS.fallback) { + EGG_SECURE_GLOBALS.fallback (memory, 0); +@@ -1208,36 +1208,36 @@ egg_secure_free_full (void *memory, int flags) + ASSERT (0 && "memory does does not belong to secure memory pool"); + } + } +-} ++} + +-int ++int + egg_secure_check (const void *memory) + { + Block *block = NULL; + + DO_LOCK (); +- ++ + /* Find out where it belongs to */ + for (block = all_blocks; block; block = block->next) { + if (sec_is_valid_word (block, (word_t*)memory)) + break; + } +- ++ + DO_UNLOCK (); +- ++ + return block == NULL ? 0 : 1; +-} ++} + + void + egg_secure_validate (void) + { + Block *block = NULL; +- ++ + DO_LOCK (); +- ++ + for (block = all_blocks; block; block = block->next) + sec_validate (block); +- ++ + DO_UNLOCK (); + } + +@@ -1320,20 +1320,42 @@ egg_secure_strdup_full (const char *tag, + if (!str) + return NULL; + +- len = strlen (str) + 1; ++ len = strlen (str) + 1; + res = (char *)egg_secure_alloc_full (tag, len, options); + strcpy (res, str); + return res; + } + ++char * ++egg_secure_strndup_full (const char *tag, ++ const char *str, ++ size_t length, ++ int options) ++{ ++ size_t len; ++ char *res; ++ const char *end; ++ ++ if (!str) ++ return NULL; ++ ++ end = memchr (str, '\0', length); ++ if (end != NULL) ++ length = (end - str); ++ len = length + 1; ++ res = (char *)egg_secure_alloc_full (tag, len, options); ++ memcpy (res, str, len); ++ return res; ++} ++ + void + egg_secure_clear (void *p, size_t length) + { + volatile char *vp; +- ++ + if (p == NULL) + return; +- ++ + vp = (volatile char*)p; + while (length) { + *vp = 0xAA; +@@ -1355,10 +1377,10 @@ egg_secure_strfree (char *str) + { + /* + * If we're using unpageable 'secure' memory, then the free call +- * should zero out the memory, but because on certain platforms ++ * should zero out the memory, but because on certain platforms + * we may be using normal memory, zero it out here just in case. + */ +- ++ + egg_secure_strclear (str); + egg_secure_free_full (str, EGG_SECURE_USE_FALLBACK); + } diff --git a/security/gcr/files/patch-egg_egg-secure-memory.h b/security/gcr/files/patch-egg_egg-secure-memory.h new file mode 100644 index 000000000..56a1607b9 --- /dev/null +++ b/security/gcr/files/patch-egg_egg-secure-memory.h @@ -0,0 +1,75 @@ +--- egg/egg-secure-memory.h.orig Wed Sep 19 11:01:27 2012 ++++ egg/egg-secure-memory.h Sat Oct 27 14:41:49 2012 +@@ -27,16 +27,16 @@ + #include + + /* ------------------------------------------------------------------- +- * Low Level Secure Memory +- * +- * IMPORTANT: This is pure vanila standard C, no glib. We need this +- * because certain consumers of this protocol need to be built ++ * Low Level Secure Memory ++ * ++ * IMPORTANT: This is pure vanila standard C, no glib. We need this ++ * because certain consumers of this protocol need to be built + * without linking in any special libraries. ie: the PKCS#11 module. +- * ++ * + * Thread locking +- * ++ * + * In order to use these functions in a module the following functions +- * must be defined somewhere, and provide appropriate locking for ++ * must be defined somewhere, and provide appropriate locking for + * secure memory between threads: + */ + +@@ -66,12 +66,12 @@ typedef struct { + + extern egg_secure_glob EGG_SECURE_GLOBALS; + +-/* ++/* + * Main functionality +- * ++ * + * Allocations return NULL on failure. +- */ +- ++ */ ++ + #define EGG_SECURE_USE_FALLBACK 0x0001 + + #define EGG_SECURE_DECLARE(tag) \ +@@ -83,23 +83,28 @@ extern egg_secure_glob EGG_SECURE_GLOBALS; + } \ + static inline void* egg_secure_strdup (const char *str) { \ + return egg_secure_strdup_full (G_STRINGIFY (tag), str, EGG_SECURE_USE_FALLBACK); \ ++ } \ ++ static inline void* egg_secure_strndup (const char *str, size_t length) { \ ++ return egg_secure_strndup_full (G_STRINGIFY (tag), str, length, EGG_SECURE_USE_FALLBACK); \ + } + + void* egg_secure_alloc_full (const char *tag, size_t length, int options); + + void* egg_secure_realloc_full (const char *tag, void *p, size_t length, int options); + +-void egg_secure_free (void* p); ++void egg_secure_free (void* p); + +-void egg_secure_free_full (void* p, int fallback); ++void egg_secure_free_full (void* p, int fallback); + + void egg_secure_clear (void *p, size_t length); + +-int egg_secure_check (const void* p); ++int egg_secure_check (const void* p); + + void egg_secure_validate (void); + + char* egg_secure_strdup_full (const char *tag, const char *str, int options); ++ ++char* egg_secure_strndup_full (const char *tag, const char *str, size_t length, int options); + + void egg_secure_strclear (char *str); + -- cgit v1.2.3