X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fxalloc.h;h=34f02d0ec1dd0ac7f20b0eba649c8c7820c358f7;hb=refs%2Fheads%2F1.1;hp=51f99bdfd2d322544999c685f01f7800b8ae040c;hpb=35b1c25093a478d20e01f0ff391c9cdc9c41c2b8;p=tinc diff --git a/src/xalloc.h b/src/xalloc.h index 51f99bdf..2b217e8b 100644 --- a/src/xalloc.h +++ b/src/xalloc.h @@ -1,29 +1,149 @@ -#include - -#ifndef PARAMS -# if defined PROTOTYPES || (defined __STDC__ && __STDC__) -# define PARAMS(Args) Args -# else -# define PARAMS(Args) () -# endif +#ifndef TINC_XALLOC_H +#define TINC_XALLOC_H + +/* + xalloc.h -- malloc and related functions with out of memory checking + Copyright (C) 1990, 91, 92, 93, 94, 95, 96, 97 Free Software Foundation, Inc. + Copyright (C) 2011-2013 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., Foundation, + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +#include "system.h" + +#include + +static inline void *xmalloc(size_t n) ATTR_MALLOC; +static inline void *xmalloc(size_t n) { + void *p = malloc(n); + + if(!p) { + abort(); + } + + return p; +} + +static inline void *xzalloc(size_t n) ATTR_MALLOC; +static inline void *xzalloc(size_t n) { + void *p = calloc(1, n); + + if(!p) { + abort(); + } + + return p; +} + +static inline void *xrealloc(void *p, size_t n) { + p = realloc(p, n); + + if(!p) { + abort(); + } + + return p; +} + +static inline char *xstrdup(const char *s) ATTR_MALLOC ATTR_NONNULL; +static inline char *xstrdup(const char *s) { + char *p = strdup(s); + + if(!p) { + abort(); + } + + return p; +} + +static inline int xvasprintf(char **strp, const char *fmt, va_list ap) ATTR_FORMAT(printf, 2, 0); +static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { +#ifdef HAVE_WINDOWS + char buf[1024]; + int result = vsnprintf(buf, sizeof(buf), fmt, ap); + + if(result < 0) { + abort(); + } + + *strp = xstrdup(buf); +#else + int result = vasprintf(strp, fmt, ap); + + if(result < 0) { + abort(); + } + #endif + return result; +} + +static inline int xasprintf(char **strp, const char *fmt, ...) ATTR_FORMAT(printf, 2, 3); +static inline int xasprintf(char **strp, const char *fmt, ...) { + va_list ap; + va_start(ap, fmt); + int result = xvasprintf(strp, fmt, ap); + va_end(ap); + return result; +} -/* Exit value when the requested amount of memory is not available. - The caller may set it to some other value. */ -extern int xalloc_exit_failure; +// Zero out a block of memory containing sensitive information using whatever secure +// erase function is available on the platform (or an unreliable fallback if none are). +// The pointer must not be NULL. Length can be zero, in which case the call is a noop. +static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL; +static inline void memzero(void *buf, size_t buflen) { + assert(buf); -/* FIXME: describe */ -extern char *const xalloc_msg_memory_exhausted; + if(!buflen) { + return; + } -/* FIXME: describe */ -extern void (*xalloc_fail_func) (); +#if defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buf, buflen); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(buf, 0, buflen); +#elif defined(HAVE_MEMSET_S) + errno_t err = memset_s(buf, buflen, 0, buflen); + assert(err == 0); +#elif defined(HAVE_WINDOWS) + SecureZeroMemory(buf, buflen); +#else + volatile uint8_t *p = buf; + + while(buflen--) { + *p++ = 0; + } + +#endif +} -void *xmalloc PARAMS ((size_t n)) __attribute__ ((__malloc__)); -void *xmalloc_and_zero PARAMS ((size_t n)) __attribute__ ((__malloc__)); -void *xcalloc PARAMS ((size_t n, size_t s)); -void *xrealloc PARAMS ((void *p, size_t n)) __attribute__ ((__malloc__)); +// Zero out a buffer of size `len` located at `ptr` and free() it. +// Does nothing if called on NULL. +static inline void xzfree(void *ptr, size_t len) { + if(ptr) { + memzero(ptr, len); + free(ptr); + } +} -char *xstrdup PARAMS ((const char *s)) __attribute__ ((__malloc__)); +// Zero out a NULL-terminated string using memzero() and then free it. +// Does nothing if called on NULL. +static inline void free_string(char *str) { + if(str) { + xzfree(str, strlen(str)); + } +} -extern int xasprintf(char **strp, const char *fmt, ...); -extern int xvasprintf(char **strp, const char *fmt, va_list ap); +#endif // TINC_XALLOC_H