1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
diff --git a/tests/explicit_bzero.c b/tests/explicit_bzero.c
index 34c60baa8a..9c0e917829 100644
--- a/tests/explicit_bzero.c
+++ b/tests/explicit_bzero.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: explicit_bzero.c,v 1.6 2014/07/11 01:10:35 matthew Exp $ */
+/* $OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $ */
/*
* Copyright (c) 2014 Google Inc.
*
@@ -18,6 +18,7 @@
#include <assert.h>
#include <errno.h>
#include <signal.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -36,19 +37,33 @@ enum {
SECRETBYTES = SECRETCOUNT * sizeof(secret)
};
-static char altstack[SIGSTKSZ + SECRETBYTES];
+/*
+ * As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer
+ * constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).
+ */
+static char *altstack;
+#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES)
static void
setup_stack(void)
{
+ altstack = calloc(1, ALTSTACK_SIZE);
+ ASSERT_NE(NULL, altstack);
+
const stack_t sigstk = {
.ss_sp = altstack,
- .ss_size = sizeof(altstack),
+ .ss_size = ALTSTACK_SIZE
};
ASSERT_EQ(0, sigaltstack(&sigstk, NULL));
}
+static void
+cleanup_stack(void)
+{
+ free(altstack);
+}
+
static void
assert_on_stack(void)
{
@@ -129,7 +144,7 @@ test_without_bzero()
char buf[SECRETBYTES];
assert_on_stack();
populate_secret(buf, sizeof(buf));
- char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf));
+ char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
ASSERT_NE(NULL, res);
return (res);
}
@@ -140,7 +155,7 @@ test_with_bzero()
char buf[SECRETBYTES];
assert_on_stack();
populate_secret(buf, sizeof(buf));
- char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf));
+ char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf));
ASSERT_NE(NULL, res);
explicit_bzero(buf, sizeof(buf));
return (res);
@@ -183,15 +198,17 @@ main()
* on the stack. This sanity checks that call_on_stack() and
* populate_secret() work as intended.
*/
- memset(altstack, 0, sizeof(altstack));
+ memset(altstack, 0, ALTSTACK_SIZE);
call_on_stack(do_test_without_bzero);
/*
* Now test with a call to explicit_bzero() and check that we
* *don't* find any instances of the secret data.
*/
- memset(altstack, 0, sizeof(altstack));
+ memset(altstack, 0, ALTSTACK_SIZE);
call_on_stack(do_test_with_bzero);
+ cleanup_stack();
+
return (0);
}
|