deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

call fatal if mem_head size is corrupted.

Browse Source 
Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
This commit is contained in:
Anthony Romano
2017-07-16 20:50:11 -07:00
committed by NIIBE Yutaka
parent a44244b27e
commit 67acb670d1
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@@ -1,3 +1,11 @@
2017-07-18 Anthony Romano <anthony.romano@coreos.com>
* src/main.c (MEMORY_SIZE, MEM_HEAD_IS_CORRUPT, MEM_HEAD_CHECK):
New.
(gnuk_malloc, gnuk_free): Add calls to MEM_HEAD_CHECK.
* src/gnuk.h (FATAL_HEAP): New.
2017-07-18 Anthony Romano <anthony.romano@coreos.com> 2017-07-18 Anthony Romano <anthony.romano@coreos.com>
* src/openpgp-do.c (gpg_reset_algo_attr): New. * src/openpgp-do.c (gpg_reset_algo_attr): New.

1
src/gnuk.h
View File

@@ -301,6 +301,7 @@ void gpg_increment_digital_signature_counter (void);
void fatal (uint8_t code) __attribute__ ((noreturn)); void fatal (uint8_t code) __attribute__ ((noreturn));
#define FATAL_FLASH 1 #define FATAL_FLASH 1
#define FATAL_RANDOM 2 #define FATAL_RANDOM 2
#define FATAL_HEAP 3
extern uint8_t keystring_md_pw3[KEYSTRING_MD_SIZE]; extern uint8_t keystring_md_pw3[KEYSTRING_MD_SIZE];
extern uint8_t admin_authorized; extern uint8_t admin_authorized;

10
src/main.c
View File

@@ -354,6 +354,7 @@ extern uint8_t __heap_end__[];
#define MEMORY_END (__heap_end__) #define MEMORY_END (__heap_end__)
#define MEMORY_ALIGNMENT 16 #define MEMORY_ALIGNMENT 16
#define MEMORY_ALIGN(n) (((n) + MEMORY_ALIGNMENT - 1) & ~(MEMORY_ALIGNMENT - 1)) #define MEMORY_ALIGN(n) (((n) + MEMORY_ALIGNMENT - 1) & ~(MEMORY_ALIGNMENT - 1))
#define MEMORY_SIZE ((uintptr_t)__heap_end__ - (uintptr_t)__heap_base__)
static uint8_t *heap_p; static uint8_t *heap_p;
static chopstx_mutex_t malloc_mtx; static chopstx_mutex_t malloc_mtx;
@@ -365,6 +366,10 @@ struct mem_head {
struct mem_head *neighbor; /* backlink to neighbor */ struct mem_head *neighbor; /* backlink to neighbor */
}; };
#define MEM_HEAD_IS_CORRUPT(x) \
((x)->size != MEMORY_ALIGN((x)->size) || (x)->size > MEMORY_SIZE)
#define MEM_HEAD_CHECK(x) if (MEM_HEAD_IS_CORRUPT(x)) fatal (FATAL_HEAP)
static struct mem_head *free_list; static struct mem_head *free_list;
static void static void
@@ -421,7 +426,7 @@ gnuk_malloc (size_t size)
m->size = size; m->size = size;
break; break;
} }
MEM_HEAD_CHECK (m);
if (m->size == size) if (m->size == size)
{ {
remove_from_free_list (m); remove_from_free_list (m);
@@ -466,9 +471,11 @@ gnuk_free (void *p)
DEBUG_SHORT (m->size); DEBUG_SHORT (m->size);
DEBUG_WORD ((uint32_t)p); DEBUG_WORD ((uint32_t)p);
MEM_HEAD_CHECK (m);
m->neighbor = NULL; m->neighbor = NULL;
while (m0) while (m0)
{ {
MEM_HEAD_CHECK (m0);
if ((void *)m + m->size == (void *)m0) if ((void *)m + m->size == (void *)m0)
m0->neighbor = m; m0->neighbor = m;
else if ((void *)m0 + m0->size == (void *)m) else if ((void *)m0 + m0->size == (void *)m)
@@ -484,6 +491,7 @@ gnuk_free (void *p)
heap_p -= m->size; heap_p -= m->size;
while (mn) while (mn)
{ {
MEM_HEAD_CHECK (mn);
heap_p -= mn->size; heap_p -= mn->size;
remove_from_free_list (mn); remove_from_free_list (mn);
mn = mn->neighbor; mn = mn->neighbor;