libopensc: Add 'paranoid-memory' setting for behavior when mlock() fails

* Setting paranoid-memory to true, and mlock() fails, then
   allocations which require non-pageable memory will return NULL
This commit is contained in:
Stef Walter 2011-12-14 13:14:14 +01:00 committed by Ludovic Rousseau
parent 6ed52a06b8
commit 00e02359a3
4 changed files with 27 additions and 3 deletions

View File

@ -28,6 +28,15 @@ app default {
#
# profile_dir = @pkgdatadir@;
# Paranoid memory allocation.
#
# If set to 'true', then refuse to continue when locking of non-pageable
# memory fails. This can cause subtle failures but is more secure when
# you have a swap disk.
# Default: false
#
# paranoid_memory = false;
# CT-API module configuration.
reader_driver ctapi {
# module /usr/local/towitoko/lib/libtowitoko.so {

View File

@ -180,6 +180,7 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts)
if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
fclose(ctx->debug_file);
ctx->debug_file = stderr;
ctx->paranoid_memory = 0;
#ifdef __APPLE__
/* Override the default debug log for OpenSC.tokend to be different from PKCS#11.
* TODO: Could be moved to OpenSC.tokend */
@ -230,6 +231,9 @@ static int load_parameters(sc_context_t *ctx, scconf_block *block,
if (val)
sc_ctx_log_to_file(ctx, val);
ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory",
ctx->paranoid_memory);
val = scconf_get_str(block, "force_card_driver", NULL);
if (val) {
if (opts->forced_card_driver)

View File

@ -603,6 +603,7 @@ typedef struct sc_context {
scconf_block *conf_blocks[3];
char *app_name;
int debug;
int paranoid_memory;
FILE *debug_file;
char *preferred_language;

View File

@ -701,16 +701,26 @@ int _sc_parse_atr(sc_reader_t *reader)
void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len)
{
void *pointer;
int locked = 0;
pointer = calloc(len, sizeof(unsigned char));
if (!pointer)
return NULL;
#ifdef HAVE_SYS_MMAN_H
/* TODO Windows support and mprotect too */
/* Do not swap the memory */
if (mlock(pointer, len) == -1)
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, pin may be paged to disk");
if (mlock(pointer, len) >= 0)
locked = 1;
#endif
if (!locked) {
if (ctx->paranoid_memory) {
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set");
free (pointer);
pointer = NULL;
} else {
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, sensitive data may be paged to disk");
}
}
return pointer;
}