openbsd/ports
1
0
Fork 0
mirror of https://github.com/openbsd/ports.git synced 2026-06-18 15:33:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
ports/security/opensc/patches/patch-src_libopensc_sc_c
T
kn 98ddea3bf5 update to opensc 0.27.1
2026-05-16 19:52:15 +00:00

36 lines
975 B
Plaintext
Raw Permalink Blame History

Avoid mlock(2); not really useful unless non-default vm.swapencrypt.enable=0
is used, and prevents opensc being used by pledge(2)'d callers.
Belt and braces with mmap(2) MAP_CONCEAL: upstream already uses
explicit_bzero(3), but we might as well use this which conceals secure
allocations from dumps.
Index: src/libopensc/sc.c
--- src/libopensc/sc.c.orig
+++ src/libopensc/sc.c
@@ -906,10 +906,14 @@ void *sc_mem_secure_alloc(size_t len)
VirtualLock(p, len);
}
#else
+# ifdef __OpenBSD__
+ p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_CONCEAL, -1, 0);
+# else
p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (p != NULL) {
mlock(p, len);
}
+# endif
#endif
return p;
@@ -921,7 +925,9 @@ void sc_mem_secure_free(void *ptr, size_t len)
VirtualUnlock(ptr, len);
VirtualFree(ptr, 0, MEM_RELEASE);
#else
+# ifndef __OpenBSD__
munlock(ptr, len);
+# endif
munmap(ptr, len);
#endif
}
Reference in New Issue View Git Blame Copy Permalink