From: Martin Willi
Date: Wed, 5 Jun 2013 12:37:05 +0000 (+0200)
Subject: Strictly memwipe_check() for magic only in the affected buffer
X-Git-Tag: 5.1.0dr1~135
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bc1c92c9e9f33ec6290c05afab45b08e47407dd5;p=thirdparty%2Fstrongswan.git

Strictly memwipe_check() for magic only in the affected buffer

Passing back the buffer address we memwipe() is not ideal, as it could, in theory, change the behavior of the compiler and not-optimize memwipe(). But as checking a larger stack is very difficult for different architectures and compilers, we do it nonetheless for now.
---
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index d3ba49f46f..174a4cbe9e 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -155,21 +155,15 @@ static bool equals(char *a, char *b)
 */
 #define MEMWIPE_WIPE_WORDS 16
 
-/**
- * Number of words we check stack for memwiped magic
- */
-#define MEMWIPE_CHECK_WORDS (MEMWIPE_WIPE_WORDS * 2)
-
 /**
 * Write magic to memory, and try to clear it with memwipe()
 */
 __attribute__((noinline))
-static void do_magic(int *magic, int **stack)
+static void do_magic(int *magic, int **out)
 {
 int buf[MEMWIPE_WIPE_WORDS], i;
 
- /* tell caller where callee stack is (but don't point to buf) */
- *stack = &i;
+ *out = buf;
 for (i = 0; i < countof(buf); i++)
 {
 buf[i] = *magic;
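Review bot: `*out = buf;` hands the caller the address of an automatic array, and check_memwipe() then reads `buf[i]` after do_magic() has returned, i.e. it reads an object whose lifetime has ended. The compiler is not obliged to perform those loads faithfully, so the self-test can report success without showing that memwipe() cleared anything. The commit message records a related caveat, but the code lost its only comment at this spot; I would add one above the assignment, for example `/* pass back buf itself; the caller reads it after we return, so the check is best-effort only */`. Reading through a `volatile int *` in check_memwipe() would probably at least keep the loads from being elided. do_magic()'s body continues past the end of this hunk.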
@@ -185,27 +179,16 @@ static void do_magic(int *magic, int **stack)
 */
 static bool check_memwipe()
 {
- int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1;
+ int magic = 0xCAFEBABE, *buf, i;
 
- do_magic(&magic, &deeper);
+ do_magic(&magic, &buf);
 
- ptr = &magic;
- if (deeper < ptr)
- { /* stack grows down */
- stackdir = -1;
- }
- for (i = 0; i < MEMWIPE_CHECK_WORDS; i++)
+ for (i = 0; i < MEMWIPE_WIPE_WORDS; i++)
 {
- ptr = ptr + stackdir;
- if (*ptr == magic)
+ if (buf[i] == magic)
 {
- ptr = &magic + stackdir;
- if (stackdir == -1)
- {
- ptr -= MEMWIPE_CHECK_WORDS;
- }
- DBG1(DBG_LIB, "memwipe() check failed: stackdir: %d %b",
- stackdir, ptr, (u_int)(MEMWIPE_CHECK_WORDS * sizeof(int)));
+ DBG1(DBG_LIB, "memwipe() check failed: stackdir: %b",
+ buf, MEMWIPE_WIPE_WORDS * sizeof(int));
 return FALSE;
 }
 }
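Review bot: The new DBG1 call passes `MEMWIPE_WIPE_WORDS * sizeof(int)` as the `%b` length without the `(u_int)` cast that the removed line carried, so a `size_t` now goes through varargs. If the `%b` hook fetches an unsigned int, as the old cast suggests, that is a type mismatch on LP64 targets and the length of the dump on the failure path is not reliable. Keep the cast: `buf, (u_int)(MEMWIPE_WIPE_WORDS * sizeof(int)));`. The format string also still carries the `stackdir:` label although no stack direction is printed any more; `"memwipe() check failed: %b"` would match what is logged.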