X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fxalloc.h;h=34f02d0ec1dd0ac7f20b0eba649c8c7820c358f7;hb=refs%2Fheads%2F1.1;hp=34dac3ccfe260b988fb33abce72b71f3f2508eff;hpb=5822f817aa802c2c5a83e9d99a8ae78cb822799b;p=tinc diff --git a/src/xalloc.h b/src/xalloc.h index 34dac3cc..2b217e8b 100644 --- a/src/xalloc.h +++ b/src/xalloc.h @@ -2,7 +2,7 @@ #define TINC_XALLOC_H /* - xalloc.h -- malloc and related fuctions with out of memory checking + xalloc.h -- malloc and related functions with out of memory checking Copyright (C) 1990, 91, 92, 93, 94, 95, 96, 97 Free Software Foundation, Inc. Copyright (C) 2011-2013 Guus Sliepen @@ -21,53 +21,76 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -static inline void *xmalloc(size_t n) __attribute__ ((__malloc__)); +#include "system.h" + +#include + +static inline void *xmalloc(size_t n) ATTR_MALLOC; static inline void *xmalloc(size_t n) { void *p = malloc(n); - if(!p) + + if(!p) { abort(); + } + return p; } -static inline void *xzalloc(size_t n) __attribute__ ((__malloc__)); +static inline void *xzalloc(size_t n) ATTR_MALLOC; static inline void *xzalloc(size_t n) { void *p = calloc(1, n); - if(!p) + + if(!p) { abort(); + } + return p; } static inline void *xrealloc(void *p, size_t n) { p = realloc(p, n); - if(!p) + + if(!p) { abort(); + } + return p; } -static inline char *xstrdup(const char *s) __attribute__ ((__malloc__)); +static inline char *xstrdup(const char *s) ATTR_MALLOC ATTR_NONNULL; static inline char *xstrdup(const char *s) { char *p = strdup(s); - if(!p) + + if(!p) { abort(); + } + return p; } +static inline int xvasprintf(char **strp, const char *fmt, va_list ap) ATTR_FORMAT(printf, 2, 0); static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { -#ifdef HAVE_MINGW +#ifdef HAVE_WINDOWS char buf[1024]; - int result = vsnprintf(buf, sizeof buf, fmt, ap); - if(result < 0) + int result = vsnprintf(buf, sizeof(buf), fmt, ap); + + if(result < 0) { abort(); + } + *strp = xstrdup(buf); #else int result = vasprintf(strp, fmt, ap); - if(result < 0) + + if(result < 0) { abort(); + } + #endif return result; } -static inline int xasprintf(char **strp, const char *fmt, ...) __attribute__ ((__format__(printf, 2, 3))); +static inline int xasprintf(char **strp, const char *fmt, ...) ATTR_FORMAT(printf, 2, 3); static inline int xasprintf(char **strp, const char *fmt, ...) { va_list ap; va_start(ap, fmt); @@ -76,4 +99,51 @@ static inline int xasprintf(char **strp, const char *fmt, ...) { return result; } +// Zero out a block of memory containing sensitive information using whatever secure +// erase function is available on the platform (or an unreliable fallback if none are). +// The pointer must not be NULL. Length can be zero, in which case the call is a noop. +static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL; +static inline void memzero(void *buf, size_t buflen) { + assert(buf); + + if(!buflen) { + return; + } + +#if defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buf, buflen); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(buf, 0, buflen); +#elif defined(HAVE_MEMSET_S) + errno_t err = memset_s(buf, buflen, 0, buflen); + assert(err == 0); +#elif defined(HAVE_WINDOWS) + SecureZeroMemory(buf, buflen); +#else + volatile uint8_t *p = buf; + + while(buflen--) { + *p++ = 0; + } + #endif +} + +// Zero out a buffer of size `len` located at `ptr` and free() it. +// Does nothing if called on NULL. +static inline void xzfree(void *ptr, size_t len) { + if(ptr) { + memzero(ptr, len); + free(ptr); + } +} + +// Zero out a NULL-terminated string using memzero() and then free it. +// Does nothing if called on NULL. +static inline void free_string(char *str) { + if(str) { + xzfree(str, strlen(str)); + } +} + +#endif // TINC_XALLOC_H