private key coredump protection for Linux/FreeBSD
authorDamien Miller <djm@mindrot.org>
Tue, 20 Aug 2024 03:55:30 +0000 (13:55 +1000)
committerDamien Miller <djm@mindrot.org>
Tue, 20 Aug 2024 03:55:30 +0000 (13:55 +1000)
platforms not supporting coredump exclusion using mmap/madvise flags
fall back to plain old malloc(3).

sshkey.c

index 6207cfc1dd3d058ffb6b6370074b75393693cf96..384fb59b09b6abd57e28f1b896349e681f4c53fb 100644 (file)
--- a/sshkey.c
+++ b/sshkey.c
@@ -746,9 +746,23 @@ sshkey_prekey_alloc(u_char **prekeyp, size_t len)
        u_char *prekey;
 
        *prekeyp = NULL;
+#if defined(MAP_CONCEAL)
        if ((prekey = mmap(NULL, SSHKEY_SHIELD_PREKEY_LEN, PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0)) == MAP_FAILED)
                return SSH_ERR_SYSTEM_ERROR;
+#elif defined(MAP_NOCORE)
+       if ((prekey = mmap(NULL, SSHKEY_SHIELD_PREKEY_LEN, PROT_READ|PROT_WRITE,
+           MAP_ANON|MAP_PRIVATE|MAP_NOCORE, -1, 0)) == MAP_FAILED)
+               return SSH_ERR_SYSTEM_ERROR;
+#elif defined(MADV_DONTDUMP)
+       if ((prekey = mmap(NULL, SSHKEY_SHIELD_PREKEY_LEN, PROT_READ|PROT_WRITE,
+           MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+               return SSH_ERR_SYSTEM_ERROR;
+       (void)madvise(prekey, len, MADV_DONTDUMP);
+#else
+       if ((prekey = calloc(1, len)) == NULL)
+               return SSH_ERR_ALLOC_FAIL;
+#endif
        *prekeyp = prekey;
        return 0;
 }
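Review bot: All three mmap branches map `SSHKEY_SHIELD_PREKEY_LEN` bytes, while the new `madvise(prekey, len, MADV_DONTDUMP)` call, the `calloc(1, len)` fallback and the `munmap(prekey, len)` in sshkey_prekey_free all use the caller's `len`. If a caller ever passes a `len` that differs from the constant, the MADV_DONTDUMP range and the unmapped range no longer match the mapping; the callers are not visible here, so this may only be latent. Passing `len` to mmap in each branch, as in `mmap(NULL, len, PROT_READ|PROT_WRITE, ...)`, would make the four paths agree. The madvise result is also discarded with `(void)`, so a failure leaves the prekey dumpable without any signal; a comment such as `/* best effort: prekey remains in core dumps if this fails */` would make that intent explicit. The start of sshkey_prekey_alloc lies above the hunk.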
@@ -758,7 +772,11 @@ sshkey_prekey_free(void *prekey, size_t len)
 {
        if (prekey == NULL)
                return;
+#if defined(MAP_CONCEAL) || defined(MAP_NOCORE) || defined(MADV_DONTDUMP)
        munmap(prekey, len);
+#else
+       freezero(prekey, len);
+#endif
 }
 
 static void
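Review bot: The `#if defined(MAP_CONCEAL) || defined(MAP_NOCORE) || defined(MADV_DONTDUMP)` test in sshkey_prekey_free has to be kept in step by hand with the `#if`/`#elif` chain in sshkey_prekey_alloc; if the two drift, `munmap` is applied to calloc'd memory or `freezero` to a mapping. Defining one macro beside the allocation chain (the name is only a suggestion, e.g. `#define PREKEY_USES_MMAP 1`) and testing `#ifdef PREKEY_USES_MMAP` here would keep the pair together. The two branches also differ in that `freezero` wipes the buffer while `munmap` does not; whether the prekey is cleared before this call is not visible in the hunk, so a short comment stating who wipes it would help.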