diff options
| author | Martin Willi <martin@revosec.ch> | 2013-05-03 11:41:51 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-05-03 11:41:51 +0200 |
| commit | 1657b4ef269e35b6b7065ee6af9159f8fa05cfa1 (patch) | |
| tree | cc5b9a94530e630d4c557d546f4b1ba9cc264641 /src | |
| parent | 0f499f41dca359c391bb88a5fe28a0b5963e9370 (diff) | |
| download | strongswan-1657b4ef269e35b6b7065ee6af9159f8fa05cfa1.tar.bz2 strongswan-1657b4ef269e35b6b7065ee6af9159f8fa05cfa1.tar.xz | |
Dump stack if memwipe() check fails
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/library.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 4dec61203..170bc9f4b 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -151,12 +151,22 @@ static bool equals(char *a, char *b) } /** + * Number of words we write and memwipe() in memwipe check + */ +#define MEMWIPE_WIPE_WORDS 16 + +/** + * Number of words we check stack for memwiped magic + */ +#define MEMWIPE_CHECK_WORDS (MEMWIPE_WIPE_WORDS * 2) + +/** * Write magic to memory, and try to clear it with memwipe() */ __attribute__((noinline)) static void do_magic(int magic, int **stack) { - int buf[32], i; + int buf[MEMWIPE_WIPE_WORDS], i; /* tell caller where callee stack is (but don't point to buf) */ *stack = &i; @@ -184,11 +194,18 @@ static bool check_memwipe() { /* stack grows down */ stackdir = -1; } - for (i = 0; i < 128; i++) + for (i = 0; i < MEMWIPE_CHECK_WORDS; i++) { ptr = ptr + stackdir; if (*ptr == magic) { + ptr = &magic + stackdir; + if (stackdir == -1) + { + ptr -= MEMWIPE_CHECK_WORDS; + } + DBG1(DBG_LIB, "memwipe() check failed: stackdir: %d %b", + stackdir, ptr, (u_int)(MEMWIPE_CHECK_WORDS * sizeof(int))); return FALSE; } } @@ -268,7 +285,6 @@ bool library_init(char *settings) if (!check_memwipe()) { - DBG1(DBG_LIB, "memwipe() check failed"); return FALSE; } |