2019-01-16 18:33:22 +01:00
|
|
|
/* Copyright (c) 2015-2019, The Tor Project, Inc. */
|
2017-10-27 16:59:36 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
2016-07-28 16:47:46 +02:00
|
|
|
#include "orconfig.h"
|
2018-07-05 21:04:18 +02:00
|
|
|
#include "lib/crypt_ops/crypto_util.h"
|
|
|
|
|
|
|
|
|
|
#include "lib/intmath/cmp.h"
|
2018-07-10 21:16:57 +02:00
|
|
|
#include "lib/malloc/malloc.h"
|
2018-07-05 21:04:18 +02:00
|
|
|
|
2015-03-19 20:28:22 +01:00
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
2018-12-23 21:51:45 +01:00
|
|
|
#ifdef HAVE_SYS_PARAM_H
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-03-19 20:28:22 +01:00
|
|
|
static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
|
|
|
|
|
static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
|
|
|
|
|
static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
|
|
|
|
|
static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
|
|
|
|
|
static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
|
|
|
|
|
static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
|
|
|
|
|
static unsigned check_a_buffer(void) __attribute__((noinline));
|
|
|
|
|
|
2016-06-02 15:46:12 +02:00
|
|
|
extern const char *s; /* Make the linkage global */
|
2015-03-19 20:28:22 +01:00
|
|
|
const char *s = NULL;
|
|
|
|
|
|
2015-05-29 19:50:12 +02:00
|
|
|
#define BUF_LEN 2048
|
|
|
|
|
|
2015-03-19 20:28:22 +01:00
|
|
|
#define FILL_BUFFER_IMPL() \
|
|
|
|
|
unsigned int i; \
|
|
|
|
|
unsigned sum = 0; \
|
|
|
|
|
\
|
|
|
|
|
/* Fill up a 1k buffer with a recognizable pattern. */ \
|
2015-05-29 19:50:12 +02:00
|
|
|
for (i = 0; i < BUF_LEN; i += strlen(s)) { \
|
|
|
|
|
memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i)); \
|
2015-03-19 20:28:22 +01:00
|
|
|
} \
|
|
|
|
|
\
|
|
|
|
|
/* Use the buffer as input to a computation so the above can't get */ \
|
|
|
|
|
/* optimized away. */ \
|
2015-05-29 19:50:12 +02:00
|
|
|
for (i = 0; i < BUF_LEN; ++i) { \
|
2015-03-19 20:28:22 +01:00
|
|
|
sum += (unsigned char)buf[i]; \
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-01 19:50:38 +02:00
|
|
|
#ifdef OpenBSD
|
2016-09-08 15:00:24 +02:00
|
|
|
/* Disable some of OpenBSD's malloc protections for this test. This helps
|
|
|
|
|
* us do bad things, such as access freed buffers, without crashing. */
|
2019-01-21 23:33:32 +01:00
|
|
|
extern const char *malloc_options;
|
|
|
|
|
const char *malloc_options = "sufjj";
|
2016-09-08 15:00:24 +02:00
|
|
|
#endif
|
|
|
|
|
|
2015-03-19 20:28:22 +01:00
|
|
|
static unsigned
|
|
|
|
|
fill_a_buffer_memset(void)
|
|
|
|
|
{
|
2015-05-29 19:50:12 +02:00
|
|
|
char buf[BUF_LEN];
|
2015-03-19 20:28:22 +01:00
|
|
|
FILL_BUFFER_IMPL()
|
|
|
|
|
memset(buf, 0, sizeof(buf));
|
|
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
fill_a_buffer_memwipe(void)
|
|
|
|
|
{
|
2015-05-29 19:50:12 +02:00
|
|
|
char buf[BUF_LEN];
|
2015-03-19 20:28:22 +01:00
|
|
|
FILL_BUFFER_IMPL()
|
|
|
|
|
memwipe(buf, 0, sizeof(buf));
|
|
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
fill_a_buffer_nothing(void)
|
|
|
|
|
{
|
2015-05-29 19:50:12 +02:00
|
|
|
char buf[BUF_LEN];
|
2015-03-19 20:28:22 +01:00
|
|
|
FILL_BUFFER_IMPL()
|
|
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-10 16:19:43 +01:00
|
|
|
static inline int
|
2015-03-19 20:28:22 +01:00
|
|
|
vmemeq(volatile char *a, const char *b, size_t n)
|
|
|
|
|
{
|
|
|
|
|
while (n--) {
|
|
|
|
|
if (*a++ != *b++)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
check_a_buffer(void)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i;
|
2017-08-13 17:55:45 +02:00
|
|
|
volatile char buf[BUF_LEN];
|
2015-03-19 20:28:22 +01:00
|
|
|
unsigned sum = 0;
|
|
|
|
|
|
|
|
|
|
/* See if this buffer has the string in it.
|
|
|
|
|
|
|
|
|
|
YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
|
|
|
|
|
BUFFER.
|
|
|
|
|
|
|
|
|
|
If you know a better way to figure out whether the compiler eliminated
|
|
|
|
|
the memset/memwipe calls or not, please let me know.
|
|
|
|
|
*/
|
2015-05-29 19:50:12 +02:00
|
|
|
for (i = 0; i < BUF_LEN - strlen(s); ++i) {
|
2015-03-19 20:28:22 +01:00
|
|
|
if (vmemeq(buf+i, s, strlen(s)))
|
|
|
|
|
++sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static char *heap_buf = NULL;
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
fill_heap_buffer_memset(void)
|
|
|
|
|
{
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
char *buf = heap_buf = raw_malloc(BUF_LEN);
|
2015-03-19 20:28:22 +01:00
|
|
|
FILL_BUFFER_IMPL()
|
2015-05-29 19:50:12 +02:00
|
|
|
memset(buf, 0, BUF_LEN);
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
raw_free(buf);
|
2015-03-19 20:28:22 +01:00
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
fill_heap_buffer_memwipe(void)
|
|
|
|
|
{
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
char *buf = heap_buf = raw_malloc(BUF_LEN);
|
2015-03-19 20:28:22 +01:00
|
|
|
FILL_BUFFER_IMPL()
|
2015-05-29 19:50:12 +02:00
|
|
|
memwipe(buf, 0, BUF_LEN);
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
raw_free(buf);
|
2015-03-19 20:28:22 +01:00
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
fill_heap_buffer_nothing(void)
|
|
|
|
|
{
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
char *buf = heap_buf = raw_malloc(BUF_LEN);
|
2015-03-19 20:28:22 +01:00
|
|
|
FILL_BUFFER_IMPL()
|
checkSpace.pl now forbids more identifiers.
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 18:35:37 +02:00
|
|
|
raw_free(buf);
|
2015-03-19 20:28:22 +01:00
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned
|
|
|
|
|
check_heap_buffer(void)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i;
|
|
|
|
|
unsigned sum = 0;
|
|
|
|
|
volatile char *buf = heap_buf;
|
|
|
|
|
|
|
|
|
|
/* See if this buffer has the string in it.
|
|
|
|
|
|
|
|
|
|
YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
|
|
|
|
|
|
|
|
|
|
If you know a better way to figure out whether the compiler eliminated
|
|
|
|
|
the memset/memwipe calls or not, please let me know.
|
|
|
|
|
*/
|
2015-05-29 19:50:12 +02:00
|
|
|
for (i = 0; i < BUF_LEN - strlen(s); ++i) {
|
2015-03-19 20:28:22 +01:00
|
|
|
if (vmemeq(buf+i, s, strlen(s)))
|
|
|
|
|
++sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return sum;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct testcase {
|
|
|
|
|
const char *name;
|
2015-04-15 11:42:41 +02:00
|
|
|
/* this spacing satisfies make check-spaces */
|
|
|
|
|
unsigned
|
|
|
|
|
(*fill_fn)(void);
|
|
|
|
|
unsigned
|
|
|
|
|
(*check_fn)(void);
|
2015-03-19 20:28:22 +01:00
|
|
|
} testcases[] = {
|
|
|
|
|
{ "nil", fill_a_buffer_nothing, check_a_buffer },
|
|
|
|
|
{ "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
|
|
|
|
|
{ "memset", fill_a_buffer_memset, check_a_buffer },
|
|
|
|
|
{ "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
|
|
|
|
|
{ "memwipe", fill_a_buffer_memwipe, check_a_buffer },
|
|
|
|
|
{ "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
|
|
|
|
|
{ NULL, NULL, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
main(int argc, char **argv)
|
|
|
|
|
{
|
|
|
|
|
unsigned x, x2;
|
|
|
|
|
int i;
|
|
|
|
|
int working = 1;
|
|
|
|
|
unsigned found[6];
|
|
|
|
|
(void) argc; (void) argv;
|
|
|
|
|
|
|
|
|
|
s = "squamous haberdasher gallimaufry";
|
|
|
|
|
|
|
|
|
|
memset(found, 0, sizeof(found));
|
|
|
|
|
|
|
|
|
|
for (i = 0; testcases[i].name; ++i) {
|
|
|
|
|
x = testcases[i].fill_fn();
|
|
|
|
|
found[i] = testcases[i].check_fn();
|
|
|
|
|
|
|
|
|
|
x2 = fill_a_buffer_nothing();
|
|
|
|
|
|
|
|
|
|
if (x != x2) {
|
|
|
|
|
working = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!working || !found[0] || !found[1]) {
|
|
|
|
|
printf("It appears that this test case may not give you reliable "
|
|
|
|
|
"information. Sorry.\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!found[2] && !found[3]) {
|
|
|
|
|
printf("It appears that memset is good enough on this platform. Good.\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (found[4] || found[5]) {
|
|
|
|
|
printf("ERROR: memwipe does not wipe data!\n");
|
|
|
|
|
return 1;
|
|
|
|
|
} else {
|
2015-04-24 10:19:22 +02:00
|
|
|
printf("OKAY: memwipe seems to work.\n");
|
2015-03-19 20:28:22 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
