X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fxalloc.h;h=34f02d0ec1dd0ac7f20b0eba649c8c7820c358f7;hb=refs%2Fheads%2F1.1;hp=397f7b0e19bfce88f8034024547278bb721b32ad;hpb=5b07039b0712bee0f19749d63116a10fb08a2d8b;p=tinc diff --git a/src/xalloc.h b/src/xalloc.h index 397f7b0e..2b217e8b 100644 --- a/src/xalloc.h +++ b/src/xalloc.h @@ -1,5 +1,8 @@ +#ifndef TINC_XALLOC_H +#define TINC_XALLOC_H + /* - xalloc.h -- malloc and related fuctions with out of memory checking + xalloc.h -- malloc and related functions with out of memory checking Copyright (C) 1990, 91, 92, 93, 94, 95, 96, 97 Free Software Foundation, Inc. Copyright (C) 2011-2013 Guus Sliepen @@ -15,46 +18,79 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., Foundation, - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#include "system.h" -#ifndef __TINC_XALLOC_H__ -#define __TINC_XALLOC_H__ +#include +static inline void *xmalloc(size_t n) ATTR_MALLOC; static inline void *xmalloc(size_t n) { void *p = malloc(n); - if(!p) + + if(!p) { abort(); + } + return p; } +static inline void *xzalloc(size_t n) ATTR_MALLOC; static inline void *xzalloc(size_t n) { void *p = calloc(1, n); - if(!p) + + if(!p) { abort(); + } + return p; } static inline void *xrealloc(void *p, size_t n) { p = realloc(p, n); - if(!p) + + if(!p) { abort(); + } + return p; } +static inline char *xstrdup(const char *s) ATTR_MALLOC ATTR_NONNULL; static inline char *xstrdup(const char *s) { char *p = strdup(s); - if(!p) + + if(!p) { abort(); + } + return p; } +static inline int xvasprintf(char **strp, const char *fmt, va_list ap) ATTR_FORMAT(printf, 2, 0); static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { +#ifdef HAVE_WINDOWS + char buf[1024]; + int result = vsnprintf(buf, sizeof(buf), fmt, ap); + + if(result < 0) { + abort(); + } + + *strp = xstrdup(buf); +#else int result = vasprintf(strp, fmt, ap); - if(result < 0) + + if(result < 0) { abort(); + } + +#endif return result; } +static inline int xasprintf(char **strp, const char *fmt, ...) ATTR_FORMAT(printf, 2, 3); static inline int xasprintf(char **strp, const char *fmt, ...) { va_list ap; va_start(ap, fmt); @@ -63,4 +99,51 @@ static inline int xasprintf(char **strp, const char *fmt, ...) { return result; } +// Zero out a block of memory containing sensitive information using whatever secure +// erase function is available on the platform (or an unreliable fallback if none are). +// The pointer must not be NULL. Length can be zero, in which case the call is a noop. +static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL; +static inline void memzero(void *buf, size_t buflen) { + assert(buf); + + if(!buflen) { + return; + } + +#if defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buf, buflen); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(buf, 0, buflen); +#elif defined(HAVE_MEMSET_S) + errno_t err = memset_s(buf, buflen, 0, buflen); + assert(err == 0); +#elif defined(HAVE_WINDOWS) + SecureZeroMemory(buf, buflen); +#else + volatile uint8_t *p = buf; + + while(buflen--) { + *p++ = 0; + } + #endif +} + +// Zero out a buffer of size `len` located at `ptr` and free() it. +// Does nothing if called on NULL. +static inline void xzfree(void *ptr, size_t len) { + if(ptr) { + memzero(ptr, len); + free(ptr); + } +} + +// Zero out a NULL-terminated string using memzero() and then free it. +// Does nothing if called on NULL. +static inline void free_string(char *str) { + if(str) { + xzfree(str, strlen(str)); + } +} + +#endif // TINC_XALLOC_H