on 09/02/2013 17:04 Andrey Zonov said the following: > On 2/9/13 5:07 PM, Fabian Keil wrote: >> >> This would at least prevent the segfault. >> > > I see two possibilities to get segfault: > - no checking for result from memory allocation functions > - too big stack > > I have no found any broken memory allocation checking, but I found two > big objects on the stack. One is buf[MAXPHYS] in eli_genkey_files() and > another is passbuf[MAXPHYS] in eli_genkey_passphrase(). If we change > these two to malloc(), then we can handle error from malloc(), print > some useful message and prevent segfault.
I'd rather do what Kostik suggested and Fabian mentioned: instead of mlockall(MCL_FUTURE) the code should mlock only the (explicitly designated) buffers that can contain sensitive data. -- Andriy Gapon _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
