SecBSD/ports
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ports/security/opensc/patches/patch-src_libopensc_sc_c

45 lines
976 B
Text
Raw Blame History

Avoid mlock; not really useful unless non-default vm.swapencrypt.enable=0
is used, and prevents opensc being used by pledge()'d callers.
Belt and braces with calloc_conceal: upstream already uses explicit_bzero,
but we might as well use this which conceals secure allocations from dumps.
Index: src/libopensc/sc.c
--- src/libopensc/sc.c.orig
+++ src/libopensc/sc.c
@@ -923,14 +923,18 @@ void *sc_mem_secure_alloc(size_t len)
len = pages * page_size;
}
+#ifdef HAVE_CALLOC_CONCEAL
+ p = calloc_conceal(1, len);
+#else
p = calloc(1, len);
if (p == NULL) {
return NULL;
}
-#ifdef _WIN32
+# ifdef _WIN32
VirtualLock(p, len);
-#else
+# else
mlock(p, len);
+# endif
#endif
return p;
@@ -938,10 +942,14 @@ void *sc_mem_secure_alloc(size_t len)
void sc_mem_secure_free(void *ptr, size_t len)
{
+#ifdef HAVE_CALLOC_CONCEAL
+ /* do nothing */
+#else
#ifdef _WIN32
VirtualUnlock(ptr, len);
#else
munlock(ptr, len);
+#endif
#endif
free(ptr);
}
Reference in a new issue View git blame Copy permalink