From: Damien Miller <djm@mindrot.org>
Date: Tue, 20 Aug 2024 23:18:29 +0000 (+1000)
Subject: simplify sshkey_prekey_alloc(); always use mmap
X-Git-Tag: V_9_9_P1~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cbd3f034bbf7853618fac99d7d868a2250154ea7;p=thirdparty%2Fopenssh-portable.git

simplify sshkey_prekey_alloc(); always use mmap
---

diff --git a/sshkey.c b/sshkey.c
index 7d8567404..c6798e834 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -740,28 +740,25 @@ sshkey_sk_cleanup(struct sshkey *k)
 	k->sk_key_handle = k->sk_reserved = NULL;
 }
 
+#if defined(MAP_CONCEAL)
+# define PREKEY_MMAP_FLAG	MAP_CONCEAL
+#elif defined(MAP_NOCORE)
+# define PREKEY_MMAP_FLAG	MAP_NOCORE
+#else
+# define PREKEY_MMAP_FLAG	0
+#endif
+
 static int
 sshkey_prekey_alloc(u_char **prekeyp, size_t len)
 {
 	u_char *prekey;
 
 	*prekeyp = NULL;
-#if defined(MAP_CONCEAL)
 	if ((prekey = mmap(NULL, len, PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0)) == MAP_FAILED)
-		return SSH_ERR_SYSTEM_ERROR;
-#elif defined(MAP_NOCORE)
-	if ((prekey = mmap(NULL, len, PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE|MAP_NOCORE, -1, 0)) == MAP_FAILED)
-		return SSH_ERR_SYSTEM_ERROR;
-#elif defined(MADV_DONTDUMP)
-	if ((prekey = mmap(NULL, len, PROT_READ|PROT_WRITE,
-	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+	    MAP_ANON|MAP_PRIVATE|PREKEY_MMAP_FLAG, -1, 0)) == MAP_FAILED)
 		return SSH_ERR_SYSTEM_ERROR;
+#if defined(MADV_DONTDUMP) && !defined(MAP_CONCEAL) && !defined(MAP_NOCORE)
 	(void)madvise(prekey, len, MADV_DONTDUMP);
-#else
-	if ((prekey = calloc(1, len)) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
 #endif
 	*prekeyp = prekey;
 	return 0;
@@ -772,11 +769,7 @@ sshkey_prekey_free(void *prekey, size_t len)
 {
 	if (prekey == NULL)
 		return;
-#if defined(MAP_CONCEAL) || defined(MAP_NOCORE) || defined(MADV_DONTDUMP)
 	munmap(prekey, len);
-#else
-	freezero(prekey, len);
-#endif
 }
 
 static void