X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fxalloc.h;h=c8cfbebfb1bae47c921ff0207e0e19e06c543e19;hb=e62fd508158749a0d55eae06c2e361df5d6da6e0;hp=ac24ebc6b424a0b0f504de5a40525c36f217e4f2;hpb=953f5b4231bbbb8269bb0c55b96a1c8c4bb34a59;p=tinc diff --git a/src/xalloc.h b/src/xalloc.h index ac24ebc6..c8cfbebf 100644 --- a/src/xalloc.h +++ b/src/xalloc.h @@ -2,7 +2,7 @@ #define TINC_XALLOC_H /* - xalloc.h -- malloc and related fuctions with out of memory checking + xalloc.h -- malloc and related functions with out of memory checking Copyright (C) 1990, 91, 92, 93, 94, 95, 96, 97 Free Software Foundation, Inc. Copyright (C) 2011-2013 Guus Sliepen @@ -21,7 +21,11 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -static inline void *xmalloc(size_t n) __attribute__((__malloc__)); +#include "system.h" + +#include + +static inline void *xmalloc(size_t n) ATTR_MALLOC; static inline void *xmalloc(size_t n) { void *p = malloc(n); @@ -32,7 +36,7 @@ static inline void *xmalloc(size_t n) { return p; } -static inline void *xzalloc(size_t n) __attribute__((__malloc__)); +static inline void *xzalloc(size_t n) ATTR_MALLOC; static inline void *xzalloc(size_t n) { void *p = calloc(1, n); @@ -53,7 +57,7 @@ static inline void *xrealloc(void *p, size_t n) { return p; } -static inline char *xstrdup(const char *s) __attribute__((__malloc__, __nonnull__)); +static inline char *xstrdup(const char *s) ATTR_MALLOC ATTR_NONNULL; static inline char *xstrdup(const char *s) { char *p = strdup(s); @@ -65,7 +69,7 @@ static inline char *xstrdup(const char *s) { } static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { -#ifdef HAVE_MINGW +#ifdef HAVE_WINDOWS char buf[1024]; int result = vsnprintf(buf, sizeof(buf), fmt, ap); @@ -85,7 +89,7 @@ static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { return result; } -static inline int xasprintf(char **strp, const char *fmt, ...) __attribute__((__format__(printf, 2, 3))); +static inline int xasprintf(char **strp, const char *fmt, ...) ATTR_FORMAT(printf, 2, 3); static inline int xasprintf(char **strp, const char *fmt, ...) { va_list ap; va_start(ap, fmt); @@ -94,4 +98,51 @@ static inline int xasprintf(char **strp, const char *fmt, ...) { return result; } +// Zero out a block of memory containing sensitive information using whatever secure +// erase function is available on the platform (or an unreliable fallback if none are). +// The pointer must not be NULL. Length can be zero, in which case the call is a noop. +static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL; +static inline void memzero(void *buf, size_t buflen) { + assert(buf); + + if(!buflen) { + return; + } + +#if defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buf, buflen); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(buf, 0, buflen); +#elif defined(HAVE_MEMSET_S) + errno_t err = memset_s(buf, buflen, 0, buflen); + assert(err == 0); +#elif defined(HAVE_WINDOWS) + SecureZeroMemory(buf, buflen); +#else + volatile uint8_t *p = buf; + + while(buflen--) { + *p++ = 0; + } + #endif +} + +// Zero out a buffer of size `len` located at `ptr` and free() it. +// Does nothing if called on NULL. +static inline void xzfree(void *ptr, size_t len) { + if(ptr) { + memzero(ptr, len); + free(ptr); + } +} + +// Zero out a NULL-terminated string using memzero() and then free it. +// Does nothing if called on NULL. +static inline void free_string(char *str) { + if(str) { + xzfree(str, strlen(str)); + } +} + +#endif // TINC_XALLOC_H