This is something I noticed while reviewing this report:

https://github.com/libressl-portable/portable/issues/200

In the event of a failure in _rs_allocate for rsx, we still return the
freed memory for rs. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.

Also, for Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed. This switches _rs_allocate on Windows to use
VirtualAlloc, which restricts the memory to READ|WRITE, possibly
provides better address randomization (or at least page-aligns the
allocations), and the memory doesn't end up in the process heap.

ok?

Index: arc4random_aix.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_aix.h,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 arc4random_aix.h
--- arc4random_aix.h    30 Mar 2015 11:29:48 -0000      1.1
+++ arc4random_aix.h    30 Jun 2016 11:28:18 -0000
@@ -72,6 +72,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
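Review bot: On the failure path in this hunk `*rsxp` is left holding MAP_FAILED while `*rsp` is now reset to NULL, so the two out-parameters end up in different states after the same error. MAP_FAILED is not NULL, so a caller that tests the pointer rather than the return value would treat it as valid; adding `*rsxp = NULL;` beside the new `*rsp = NULL;` closes that gap. The same applies to the identical hunks for arc4random_freebsd.h, arc4random_hpux.h, arc4random_linux.h, arc4random_netbsd.h, arc4random_osx.h and arc4random_solaris.h. _rs_allocate starts and ends outside the hunk, so the earlier failure path for `*rsp` itself is not visible here and may need the same treatment.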
Index: arc4random_freebsd.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_freebsd.h,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 arc4random_freebsd.h
--- arc4random_freebsd.h        11 Sep 2015 11:52:55 -0000      1.3
+++ arc4random_freebsd.h        30 Jun 2016 11:28:18 -0000
@@ -78,6 +78,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
Index: arc4random_hpux.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_hpux.h,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 arc4random_hpux.h
--- arc4random_hpux.h   15 Jan 2015 06:57:18 -0000      1.2
+++ arc4random_hpux.h   30 Jun 2016 11:28:18 -0000
@@ -72,6 +72,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
Index: arc4random_linux.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_linux.h,v
retrieving revision 1.10
diff -u -p -u -p -r1.10 arc4random_linux.h
--- arc4random_linux.h  4 Jan 2016 02:04:56 -0000       1.10
+++ arc4random_linux.h  30 Jun 2016 11:28:18 -0000
@@ -79,6 +79,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
Index: arc4random_netbsd.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_netbsd.h,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 arc4random_netbsd.h
--- arc4random_netbsd.h 11 Sep 2015 11:52:55 -0000      1.2
+++ arc4random_netbsd.h 30 Jun 2016 11:28:18 -0000
@@ -78,6 +78,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
Index: arc4random_osx.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_osx.h,v
retrieving revision 1.10
diff -u -p -u -p -r1.10 arc4random_osx.h
--- arc4random_osx.h    11 Sep 2015 11:52:55 -0000      1.10
+++ arc4random_osx.h    30 Jun 2016 11:28:18 -0000
@@ -72,6 +72,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
Index: arc4random_solaris.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_solaris.h,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 arc4random_solaris.h
--- arc4random_solaris.h        15 Jan 2015 06:57:18 -0000      1.9
+++ arc4random_solaris.h        30 Jun 2016 11:28:18 -0000
@@ -72,6 +72,7 @@ _rs_allocate(struct _rs **rsp, struct _r
        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
                munmap(*rsp, sizeof(**rsp));
+               *rsp = NULL;
                return (-1);
        }
 
Index: arc4random_win.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/crypto/arc4random_win.h,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 arc4random_win.h
--- arc4random_win.h    15 Jan 2015 06:57:18 -0000      1.5
+++ arc4random_win.h    30 Jun 2016 11:28:18 -0000
@@ -52,13 +52,16 @@ _getentropy_fail(void)
 static inline int
 _rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
 {
-       *rsp = calloc(1, sizeof(**rsp));
+       *rsp = VirtualAlloc(NULL, sizeof(**rsp),
+                       MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
        if (*rsp == NULL)
                return (-1);
 
-       *rsxp = calloc(1, sizeof(**rsxp));
+       *rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
+                       MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
        if (*rsxp == NULL) {
-               free(*rsp);
+               VirtualFree(*rsp, 0, MEM_RELEASE);
+               *rsp = NULL;
                return (-1);
        }
        return (0);
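Review bot: The switch from calloc to VirtualAlloc in _rs_allocate carries no comment, and the reason for it is not obvious from the code alone. I would add something like `/* VirtualAlloc: read/write-only pages kept out of the process heap; committed pages are zero-filled, as calloc's were */` above the first call, so a later cleanup does not revert it to calloc. The same comment can record that the state is never freed by design. Each of the two allocations now takes at least a full page, which is presumably acceptable but could be mentioned there as well. The closing brace of the function lies outside the hunk.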
