Re: libcurl leaks information in freed memory

Fri, 19 Oct 2018 02:01:45 -0700 


On 19.10.18 08:58, Gabriel Zachmann via curl-library wrote:


get the length. But yes, if all allocated memory should be freed, we 
have to keep track of the size. A simple way to do so is using an custom 
allocator that allocates more memory as requested and saves the size in 
the memory before the pointer it returns. 

I attached some code that should be capable of doing so.


And measuring if the cleared memory was really cleared is also not that 
trivial.


We can use the following commands to do so:
gcore -o /tmp/xxxx $PID
cat /tmp/xxxx.$PID | strings | grep yyy


and use a characteristic string for yyy, so we can see if that string 
was really removed from memory.


But that would not be a simple unit test.


--
Gabriel

#include <stdlib.h>
#include <string.h>

static void* (*const volatile memset_ptr)(void*, int, size_t) = memset;

static void moresecure_memzero(void* p, size_t len) {
  __asm__("" : : "m"(p));
  (memset_ptr)(p, 0, len);
}

void* secAlloc(size_t size) {
  if (size == 0) {
    return NULL;
  }
  size_t sizesize = sizeof(size);
  void*  p        = calloc(size + sizesize, 1);
  if (p == NULL) {
    return NULL;
  }
  *(size_t*)p = size;
  return p + sizesize;
}

#define secFree(ptr) \
  do {               \
    _secFree((ptr)); \
    (ptr) = NULL;    \
  } while (0)
#define secFreeN(ptr, len)   \
  do {                       \
    _secFreeN((ptr), (len)); \
    (ptr) = NULL;            \
  } while (0)

void _secFreeN(void* p, size_t len) {
  if (p == NULL) {
    return;
  }
  moresecure_memzero(p, len);
  free(p);
}

void _secFree(void* p) {
  if (p == NULL) {
    return;
  }
  void*  freeptr = p - sizeof(size_t);
  size_t len     = *(size_t*)freeptr;
  secFreeN(freeptr, len);
}

void* secRealloc(void* p, size_t size) {
  if (p == NULL) {
    return secAlloc(size);
  }
  if (size == 0) {
    secFree(p);
    return NULL;
  }
  size_t oldsize = *(size_t*)(p - sizeof(size_t));
  size_t movelen = oldsize < size ? oldsize : size;
  void*  newp    = secAlloc(size);
  if (newp == NULL) {
    return NULL;
  }
  memmove(newp, p, movelen);
  secFree(p);
  return newp;
}



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html





















					Reply via email to