imapfilter/imapfilter/memory.c

#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <string.h>
#include <errno.h>
#include <sys/mman.h>
#include <sys/time.h>
#include <sys/resource.h>


#include "config.h"
#include "imapfilter.h"


extern unsigned int options;
#ifdef MEMORY_LOCK
extern uid_t ruid, euid;
#endif

static secmem_t *smem = NULL;   /* First node of secure memory linked list. */


/*
 * A malloc() that checks the results and dies in case of error.
 */
void *xmalloc(size_t size)
{
    void *ptr;

    ptr = (void *)malloc(size);

    if (!ptr)
        fatal(ERROR_MEMORY_ALLOCATION,
              "imapfilter: allocating memory; %s\n", strerror(errno));

    return ptr;
}


/*
 * A realloc() that checks the results and dies in case of error.
 */
void *xrealloc(void *ptr, size_t size)
{
    ptr = (void *)realloc(ptr, size);

    if (!ptr)
        fatal(ERROR_MEMORY_ALLOCATION,
              "imapfilter: allocating memory; %s\n", strerror(errno));

    return ptr;
}


/*
 * A free() that dies if fed with NULL pointer.
 */
void xfree(void *ptr)
{
    if (!ptr)
        fatal(ERROR_MEMORY_ALLOCATION,
              "imapfilter: NULL pointer given as argument");
    free(ptr);
}


/*
 * A strdup() that checks the results and dies in case of error.
 */
char *xstrdup(const char *s)
{
    char *cp;

    cp = strdup(s);

    if (!cp)
        fatal(ERROR_MEMORY_ALLOCATION,
              "imapfilter: allocating memory; %s\n", strerror(errno));

    return cp;
}


/*
 * Secure memory malloc().  Locks memory and keeps information about the
 * chunk that was allocated.
 */
void *smalloc(size_t size)
{
#ifdef MEMORY_LOCK
    int r;
    static int w = 0;
#endif
    void *ptr;
    secmem_t *node;

    ptr = xmalloc(size);

#ifdef MEMORY_LOCK
    seteuid(euid);              /* Gain root privileges. */
    r = mlock(ptr, size);
    seteuid(ruid);              /* Drop root privileges. */

    if (getuid() != geteuid())
        fatal(ERROR_SETUID, "imapfilter: failed to drop privileges\n");


    if (options & OPTION_WARNING && r && !w) {
        error("imapfilter: warning: using insecure memory\n");
        w = 1;
    }
#endif
    node = (secmem_t *) xmalloc(sizeof(secmem_t));

    node->buf = ptr;
    node->size = size;
    node->prev = node->next = NULL;

    secmem_append(node);

    return ptr;
}


/*
 * Secure memory realloc().  Resize memory by allocating a new memory chunk
 * and NULL fill old memory, in order to protect sensitive data.
 */
void *srealloc(void *ptr, size_t size)
{
    void *p;
    secmem_t *node;

    if (!(node = (secmem_t *) secmem_find(ptr))) {
        ptr = xrealloc(ptr, size);
        return ptr;
    }
    p = smalloc(size);
    memcpy(p, node->buf, min(node->size, size));

    memset(node->buf, 0, node->size);
    secmem_remove(node);
    xfree(node->buf);
    xfree(node);

    return p;
}


/*
 * Secure memory free().  NULL fill memory before freeing it.
 */
void sfree(void *ptr)
{
    secmem_t *node;

    if (!(node = (secmem_t *) secmem_find(ptr))) {
        xfree(ptr);
        return;
    }
    memset(node->buf, 0, node->size);

    secmem_remove(node);
    xfree(node->buf);
    xfree(node);
}


/*
 * Secure memory strdup().  Uses secure memory allocation.
 */
char *sstrdup(const char *s)
{
    char *p;

    p = (char *)smalloc(strlen(s) + 1);
    xstrncpy(p, s, strlen(s));

    return p;
}


/*
 * Append information about the newly allocated memory buffer.
 */
void secmem_append(secmem_t * node)
{
    secmem_t *pos;
    secmem_t **app;

    app = &smem;
    pos = smem;

    while (pos) {
        node->prev = pos;
        app = &(pos->next);
        pos = pos->next;
    }

    *app = node;
}


/*
 * Find the record of a memory buffer in the secure memory linked list.
 */
secmem_t *secmem_find(void *ptr)
{
    secmem_t *pos;

    pos = smem;

    while (pos && pos->buf != ptr)
        pos = pos->next;

    return pos;
}


/*
 * Remove a record of a secure memory buffer.
 */
void secmem_remove(secmem_t * node)
{
    if (node->prev)
        node->prev->next = node->next;
    if (node->next)
        node->next->prev = node->prev;
}


/*
 * Overwrite/clear all secure memory.
 */
void secmem_clear(void)
{
    secmem_t *p;

    for (p = smem; p; p = p->next)
        sfree(p);
}


#ifdef MEMORY_LOCK
/*
 * Lock memory of allocated buffers.
 */
void secmem_lock(void)
{
    secmem_t *p;

    seteuid(euid);              /* Gain root privileges. */
    for (p = smem; p; p = p->next)
        mlock(p->buf, p->size);
    seteuid(ruid);              /* Drop root privileges. */

    if (getuid() != geteuid())
        fatal(ERROR_SETUID, "imapfilter: failed to drop privileges\n");
}

#endif


/*
 * Disable core file dumping.
 */
void corefile_disable(void)
{
    struct rlimit rl;

    getrlimit(RLIMIT_CORE, &rl);

    rl.rlim_cur = rl.rlim_max = 0;
    setrlimit(RLIMIT_CORE, &rl);
}
1	#include <stdlib.h>
2	#include <unistd.h>
3	#include <sys/types.h>
4	#include <string.h>
5	#include <errno.h>
6	#include <sys/mman.h>
7	#include <sys/time.h>
8	#include <sys/resource.h>
9
10
11	#include "config.h"
12	#include "imapfilter.h"
13
14
15	extern unsigned int options;
16	#ifdef MEMORY_LOCK
17	extern uid_t ruid, euid;
18	#endif
19
20	static secmem_t smem = NULL; / First node of secure memory linked list. */
21
22
23	/*
24	* A malloc() that checks the results and dies in case of error.
25	*/
26	void *xmalloc(size_t size)
27	{
28	void *ptr;
29
30	ptr = (void *)malloc(size);
31
32	if (!ptr)
33	fatal(ERROR_MEMORY_ALLOCATION,
34	"imapfilter: allocating memory; %s\n", strerror(errno));
35
36	return ptr;
37	}
38
39
40	/*
41	* A realloc() that checks the results and dies in case of error.
42	*/
43	void xrealloc(void ptr, size_t size)
44	{
45	ptr = (void *)realloc(ptr, size);
46
47	if (!ptr)
48	fatal(ERROR_MEMORY_ALLOCATION,
49	"imapfilter: allocating memory; %s\n", strerror(errno));
50
51	return ptr;
52	}
53
54
55	/*
56	* A free() that dies if fed with NULL pointer.
57	*/
58	void xfree(void *ptr)
59	{
60	if (!ptr)
61	fatal(ERROR_MEMORY_ALLOCATION,
62	"imapfilter: NULL pointer given as argument");
63	free(ptr);
64	}
65
66
67	/*
68	* A strdup() that checks the results and dies in case of error.
69	*/
70	char xstrdup(const char s)
71	{
72	char *cp;
73
74	cp = strdup(s);
75
76	if (!cp)
77	fatal(ERROR_MEMORY_ALLOCATION,
78	"imapfilter: allocating memory; %s\n", strerror(errno));
79
80	return cp;
81	}
82
83
84	/*
85	* Secure memory malloc(). Locks memory and keeps information about the
86	* chunk that was allocated.
87	*/
88	void *smalloc(size_t size)
89	{
90	#ifdef MEMORY_LOCK
91	int r;
92	static int w = 0;
93	#endif
94	void *ptr;
95	secmem_t *node;
96
97	ptr = xmalloc(size);
98
99	#ifdef MEMORY_LOCK
100	seteuid(euid); /* Gain root privileges. */
101	r = mlock(ptr, size);
102	seteuid(ruid); /* Drop root privileges. */
103
104	if (getuid() != geteuid())
105	fatal(ERROR_SETUID, "imapfilter: failed to drop privileges\n");
106
107
108	if (options & OPTION_WARNING && r && !w) {
109	error("imapfilter: warning: using insecure memory\n");
110	w = 1;
111	}
112	#endif
113	node = (secmem_t *) xmalloc(sizeof(secmem_t));
114
115	node->buf = ptr;
116	node->size = size;
117	node->prev = node->next = NULL;
118
119	secmem_append(node);
120
121	return ptr;
122	}
123
124
125	/*
126	* Secure memory realloc(). Resize memory by allocating a new memory chunk
127	* and NULL fill old memory, in order to protect sensitive data.
128	*/
129	void srealloc(void ptr, size_t size)
130	{
131	void *p;
132	secmem_t *node;
133
134	if (!(node = (secmem_t *) secmem_find(ptr))) {
135	ptr = xrealloc(ptr, size);
136	return ptr;
137	}
138	p = smalloc(size);
139	memcpy(p, node->buf, min(node->size, size));
140
141	memset(node->buf, 0, node->size);
142	secmem_remove(node);
143	xfree(node->buf);
144	xfree(node);
145
146	return p;
147	}
148
149
150	/*
151	* Secure memory free(). NULL fill memory before freeing it.
152	*/
153	void sfree(void *ptr)
154	{
155	secmem_t *node;
156
157	if (!(node = (secmem_t *) secmem_find(ptr))) {
158	xfree(ptr);
159	return;
160	}
161	memset(node->buf, 0, node->size);
162
163	secmem_remove(node);
164	xfree(node->buf);
165	xfree(node);
166	}
167
168
169	/*
170	* Secure memory strdup(). Uses secure memory allocation.
171	*/
172	char sstrdup(const char s)
173	{
174	char *p;
175
176	p = (char *)smalloc(strlen(s) + 1);
177	xstrncpy(p, s, strlen(s));
178
179	return p;
180	}
181
182
183	/*
184	* Append information about the newly allocated memory buffer.
185	*/
186	void secmem_append(secmem_t * node)
187	{
188	secmem_t *pos;
189	secmem_t **app;
190
191	app = &smem;
192	pos = smem;
193
194	while (pos) {
195	node->prev = pos;
196	app = &(pos->next);
197	pos = pos->next;
198	}
199
200	*app = node;
201	}
202
203
204	/*
205	* Find the record of a memory buffer in the secure memory linked list.
206	*/
207	secmem_t secmem_find(void ptr)
208	{
209	secmem_t *pos;
210
211	pos = smem;
212
213	while (pos && pos->buf != ptr)
214	pos = pos->next;
215
216	return pos;
217	}
218
219
220	/*
221	* Remove a record of a secure memory buffer.
222	*/
223	void secmem_remove(secmem_t * node)
224	{
225	if (node->prev)
226	node->prev->next = node->next;
227	if (node->next)
228	node->next->prev = node->prev;
229	}
230
231
232	/*
233	* Overwrite/clear all secure memory.
234	*/
235	void secmem_clear(void)
236	{
237	secmem_t *p;
238
239	for (p = smem; p; p = p->next)
240	sfree(p);
241	}
242
243
244	#ifdef MEMORY_LOCK
245	/*
246	* Lock memory of allocated buffers.
247	*/
248	void secmem_lock(void)
249	{
250	secmem_t *p;
251
252	seteuid(euid); /* Gain root privileges. */
253	for (p = smem; p; p = p->next)
254	mlock(p->buf, p->size);
255	seteuid(ruid); /* Drop root privileges. */
256
257	if (getuid() != geteuid())
258	fatal(ERROR_SETUID, "imapfilter: failed to drop privileges\n");
259	}
260
261	#endif
262
263
264	/*
265	* Disable core file dumping.
266	*/
267	void corefile_disable(void)
268	{
269	struct rlimit rl;
270
271	getrlimit(RLIMIT_CORE, &rl);
272
273	rl.rlim_cur = rl.rlim_max = 0;
274	setrlimit(RLIMIT_CORE, &rl);
275	}