on 09/02/2013 17:04 Andrey Zonov said the following: > On 2/9/13 5:07 PM, Fabian Keil wrote: >> >> This would at least prevent the segfault. >> > > I see two possibilities to get segfault: > - no checking for result from memory allocation functions > - too big stack > > I have no found any broken memory allocation checking, but I found two > big objects on the stack. One is buf[MAXPHYS] in eli_genkey_files() and > another is passbuf[MAXPHYS] in eli_genkey_passphrase(). If we change > these two to malloc(), then we can handle error from malloc(), print > some useful message and prevent segfault. I'd rather do what Kostik suggested and Fabian mentioned: instead of mlockall(MCL_FUTURE) the code should mlock only the (explicitly designated) buffers that can contain sensitive data. -- Andriy GaponReceived on Sat Feb 09 2013 - 15:00:57 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:34 UTC