2
* Off-the-Record Messaging library
3
* Copyright (C) 2004-2008 Ian Goldberg, Chris Alexander, Nikita Borisov
6
* This library is free software; you can redistribute it and/or
7
* modify it under the terms of version 2.1 of the GNU Lesser General
8
* Public License as published by the Free Software Foundation.
10
* This library is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13
* Lesser General Public License for more details.
15
* You should have received a copy of the GNU Lesser General Public
16
* License along with this library; if not, write to the Free Software
17
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20
/* Memory allocation routines for libgcrypt. All of the session key
21
* information gets allocated through here, so we can wipe it out when
22
* it's free()d. We don't use the built-in secmem functions of
23
* libgcrypt because you need to declare a fixed amount of it when you
26
* Because "secure" and "insecure" allocations from libgcrypt will get
27
* handled the same way (since we're not going to be running as root,
28
* and so won't actually have pinned memory), pretend all allocated
29
* memory (but just from libgcrypt) is requested secure, and wipe it on
32
/* Uncomment the following to add a check that our free() and realloc() only
33
* get called on things returned from our malloc(). */
34
/* #define OTRL_MEM_MAGIC 0x31415926 */
42
/* libgcrypt headers */
48
static int header_size;
50
static void *otrl_mem_malloc(size_t n)
56
/* Check for overflow attack */
57
if (new_n < n) return NULL;
59
if (p == NULL) return NULL;
61
((size_t *)p)[0] = new_n; /* Includes header size */
63
((size_t *)p)[1] = OTRL_MEM_MAGIC;
66
return (void *)((char *)p + header_size);
69
static int otrl_mem_is_secure(const void *p)
74
static void otrl_mem_free(void *p)
76
void *real_p = (void *)((char *)p - header_size);
77
size_t n = ((size_t *)real_p)[0];
79
if (((size_t *)real_p)[1] != OTRL_MEM_MAGIC) {
80
fprintf(stderr, "Illegal free!\n");
85
/* Wipe the memory (in the same way the built-in deallocator in
87
memset(real_p, 0xff, n);
88
memset(real_p, 0xaa, n);
89
memset(real_p, 0x55, n);
90
memset(real_p, 0x00, n);
95
static void *otrl_mem_realloc(void *p, size_t n)
98
return otrl_mem_malloc(n);
103
void *real_p = (void *)((char *)p - header_size);
105
size_t old_n = ((size_t *)real_p)[0];
106
#ifdef OTRL_MEM_MAGIC
107
size_t magic = ((size_t *)real_p)[1];
110
new_n += header_size;
112
/* Check for overflow attack */
113
if (new_n < n) return NULL;
115
#ifdef OTRL_MEM_MAGIC
116
if (magic != OTRL_MEM_MAGIC) {
117
fprintf(stderr, "Illegal realloc!\n");
123
/* Overwrite the space we're about to stop using */
124
void *p = (void *)((char *)real_p + new_n);
125
size_t excess = old_n - new_n;
126
memset(p, 0xff, excess);
127
memset(p, 0xaa, excess);
128
memset(p, 0x55, excess);
129
memset(p, 0x00, excess);
131
/* We don't actually need to realloc() */
134
new_p = realloc(real_p, new_n);
135
if (new_p == NULL) return NULL;
138
((size_t *)new_p)[0] = new_n; /* Includes header size */
139
return (void *)((char *)new_p + header_size);
143
void otrl_mem_init(void)
146
#ifdef OTRL_MEM_MAGIC
147
if (header_size < 2*sizeof(size_t)) {
148
header_size = 2*sizeof(size_t);
151
if (header_size < sizeof(size_t)) {
152
header_size = sizeof(size_t);
156
gcry_set_allocation_handler(