diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /comm/third_party/libotr/src/mem.c | |
parent | Initial commit. (diff) | |
download | thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.tar.xz thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'comm/third_party/libotr/src/mem.c')
-rw-r--r-- | comm/third_party/libotr/src/mem.c | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/comm/third_party/libotr/src/mem.c b/comm/third_party/libotr/src/mem.c new file mode 100644 index 0000000000..29330ae757 --- /dev/null +++ b/comm/third_party/libotr/src/mem.c @@ -0,0 +1,180 @@ +/* + * Off-the-Record Messaging library + * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits, + * Chris Alexander, Willy Lew, Lisa Du, + * Nikita Borisov + * <otr@cypherpunks.ca> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of version 2.1 of the GNU Lesser General + * Public License as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/* Memory allocation routines for libgcrypt. All of the session key + * information gets allocated through here, so we can wipe it out when + * it's free()d. We don't use the built-in secmem functions of + * libgcrypt because you need to declare a fixed amount of it when you + * start up. + * + * Because "secure" and "insecure" allocations from libgcrypt will get + * handled the same way (since we're not going to be running as root, + * and so won't actually have pinned memory), pretend all allocated + * memory (but just from libgcrypt) is requested secure, and wipe it on + * free(). */ + +/* Uncomment the following to add a check that our free() and realloc() only + * get called on things returned from our malloc(). */ +/* #define OTRL_MEM_MAGIC 0x31415926 */ + +/* system headers */ +#ifdef OTRL_MEM_MAGIC +#include <stdio.h> +#endif +#include <stdlib.h> + +/* libgcrypt headers */ +#include <gcrypt.h> + +/* libotr headers */ +#include "mem.h" + +static size_t header_size; + +static void *otrl_mem_malloc(size_t n) +{ + void *p; + size_t new_n = n; + new_n += header_size; + + /* Check for overflow attack */ + if (new_n < n) return NULL; + p = malloc(new_n); + if (p == NULL) return NULL; + + ((size_t *)p)[0] = new_n; /* Includes header size */ +#ifdef OTRL_MEM_MAGIC + ((size_t *)p)[1] = OTRL_MEM_MAGIC; +#endif + + return (void *)((char *)p + header_size); +} + +static int otrl_mem_is_secure(const void *p) +{ + return 1; +} + +static void otrl_mem_free(void *p) +{ + void *real_p = (void *)((char *)p - header_size); + size_t n = ((size_t *)real_p)[0]; +#ifdef OTRL_MEM_MAGIC + if (((size_t *)real_p)[1] != OTRL_MEM_MAGIC) { + fprintf(stderr, "Illegal free!\n"); + return; + } +#endif + + /* Wipe the memory (in the same way the built-in deallocator in + * libgcrypt would) */ + memset(real_p, 0xff, n); + memset(real_p, 0xaa, n); + memset(real_p, 0x55, n); + memset(real_p, 0x00, n); + + free(real_p); +} + +static void *otrl_mem_realloc(void *p, size_t n) +{ + if (p == NULL) { + return otrl_mem_malloc(n); + } else if (n == 0) { + otrl_mem_free(p); + return NULL; + } else { + void *real_p = (void *)((char *)p - header_size); + void *new_p; + size_t old_n = ((size_t *)real_p)[0]; +#ifdef OTRL_MEM_MAGIC + size_t magic = ((size_t *)real_p)[1]; +#endif + size_t new_n = n; + new_n += header_size; + + /* Check for overflow attack */ + if (new_n < n) return NULL; + +#ifdef OTRL_MEM_MAGIC + if (magic != OTRL_MEM_MAGIC) { + fprintf(stderr, "Illegal realloc!\n"); + return NULL; + } +#endif + + if (new_n < old_n) { + /* Overwrite the space we're about to stop using */ + void *p = (void *)((char *)real_p + new_n); + size_t excess = old_n - new_n; + memset(p, 0xff, excess); + memset(p, 0xaa, excess); + memset(p, 0x55, excess); + memset(p, 0x00, excess); + + /* We don't actually need to realloc() */ + new_p = real_p; + } else { + new_p = realloc(real_p, new_n); + if (new_p == NULL) return NULL; + } + + ((size_t *)new_p)[0] = new_n; /* Includes header size */ + return (void *)((char *)new_p + header_size); + } +} + +void otrl_mem_init(void) +{ + header_size = 8; +#ifdef OTRL_MEM_MAGIC + if (header_size < 2*sizeof(size_t)) { + header_size = 2*sizeof(size_t); + } +#else + if (header_size < sizeof(size_t)) { + header_size = sizeof(size_t); + } +#endif + + gcry_set_allocation_handler( + otrl_mem_malloc, + otrl_mem_malloc, + otrl_mem_is_secure, + otrl_mem_realloc, + otrl_mem_free + ); +} + +/* Compare two memory blocks in time dependent on the length of the + * blocks, but not their contents. Returns 1 if they differ, 0 if they + * are the same. */ +int otrl_mem_differ(const unsigned char *buf1, const unsigned char *buf2, + size_t len) +{ + volatile unsigned char diff = 0; + size_t i; + + for (i = 0; i < len; ++i) { + diff |= (buf1[i] ^ buf2[i]); + } + return (diff != 0); +} |