From: Damien Miller <djm@mindrot.org>
Date: Tue, 20 Aug 2024 03:55:30 +0000 (+1000)
Subject: private key coredump protection for Linux/FreeBSD
X-Git-Tag: V_9_9_P1~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d922762ca16a7381131b242f49d7376c41fabcb5;p=thirdparty%2Fopenssh-portable.git

private key coredump protection for Linux/FreeBSD

platforms not supporting coredump exclusion using mmap/madvise flags
fall back to plain old malloc(3).
---

diff --git a/sshkey.c b/sshkey.c
index 6207cfc1d..384fb59b0 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -746,9 +746,23 @@ sshkey_prekey_alloc(u_char **prekeyp, size_t len)
 	u_char *prekey;
 
 	*prekeyp = NULL;
+#if defined(MAP_CONCEAL)
 	if ((prekey = mmap(NULL, SSHKEY_SHIELD_PREKEY_LEN, PROT_READ|PROT_WRITE,
 	    MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0)) == MAP_FAILED)
 		return SSH_ERR_SYSTEM_ERROR;
+#elif defined(MAP_NOCORE)
+	if ((prekey = mmap(NULL, SSHKEY_SHIELD_PREKEY_LEN, PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE|MAP_NOCORE, -1, 0)) == MAP_FAILED)
+		return SSH_ERR_SYSTEM_ERROR;
+#elif defined(MADV_DONTDUMP)
+	if ((prekey = mmap(NULL, SSHKEY_SHIELD_PREKEY_LEN, PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return SSH_ERR_SYSTEM_ERROR;
+	(void)madvise(prekey, len, MADV_DONTDUMP);
+#else
+	if ((prekey = calloc(1, len)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+#endif
 	*prekeyp = prekey;
 	return 0;
 }
@@ -758,7 +772,11 @@ sshkey_prekey_free(void *prekey, size_t len)
 {
 	if (prekey == NULL)
 		return;
+#if defined(MAP_CONCEAL) || defined(MAP_NOCORE) || defined(MADV_DONTDUMP)
 	munmap(prekey, len);
+#else
+	freezero(prekey, len);
+#endif
 }
 
 static void