-rw-r--r-- | NEWS | 19 | ||||
-rw-r--r-- | src/estream.c | 52 | ||||
-rw-r--r-- | src/gpgrt-int.h | 1 |
3 files changed, 62 insertions, 10 deletions
@@ -4,12 +4,29 @@ Noteworthy changes in version 1.48 (unreleased) [C34/A34/R_] * New configure option --with-libtool-modification. [T6619] * New option parser flag to detect commands given without a double - dash. There is also the new meta command [command-mode] to set + dash. There is also the new meta command "command-mode" to set this flag via a config file. [T6978] + * Added an es_fopen mode flag "sequential" with support on Windows. + [rE7a42ff0ec9] + + * Added an es_fopen mode flag "wipe" to cleanup internal buffers at + close time. [T6954] + + * New function gpgrt_wipememory. [T6964] + + * Improvements to setenv on Windows. [rE89e53ad90f] + + * Fixed call to estream-printf string filters. [T6737] + + * Many improvements to the yat2m tool. + + * Updates to the build system. + * Interface changes relative to the 1.47 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ARGPARSE_FLAG_COMMAND NEW. + gpgrt_wipememory NEW. Release-info: https://dev.gnupg.org/T6441 diff --git a/src/estream.c b/src/estream.c index d83b746..66ebc4b 100644 --- a/src/estream.c +++ b/src/estream.c @@ -227,6 +227,18 @@ mem_free (void *p) } +static void +mem_free2 (void *p, size_t n, int with_wipe) +{ + if (p) + { + if (with_wipe) + _gpgrt_wipememory (p, n); + _gpgrt_free (p); + } +} + + /* * A Windows helper function to map a W32 API error code to a standard * system error code. That actually belong into sysutils but to allow @@ -624,6 +636,7 @@ typedef struct estream_cookie_mem size_t block_size; /* Block size. */ struct { unsigned int grow: 1; /* MEMORY is allowed to grow. */ + unsigned int wipe: 1; /* MEMORY shall be wiped. */ } flags; func_realloc_t func_realloc; func_free_t func_free; 
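Review bot: The new mem_free2 helper at the top of the estream.c hunk has no header comment, while the neighbouring helpers (mem_free, the W32 error mapper) carry one; suggest adding above `static void` the line `/* Free P, which points to N bytes; if WITH_WIPE is set the memory is overwritten first.  P may be NULL.  */`. The helper's usefulness also rests on _gpgrt_wipememory surviving optimisation when the buffer is freed immediately afterwards, which this diff does not show; presumably the new function writes through a volatile pointer or uses a compiler barrier, but that is worth confirming before relying on the "wipe" mode for key material.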
@@ -632,7 +645,7 @@ typedef struct estream_cookie_mem /* * Create function for memory objects. DATA is either NULL or a user - * supplied buffer with the initial conetnt of the memory buffer. If + * supplied buffer with the initial content of the memory buffer. If * DATA is NULL, DATA_N and DATA_LEN need to be 0 as well. If DATA is * not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the * used length in DATA. If this function succeeds DATA is now owned @@ -643,7 +656,7 @@ static int func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie, unsigned char *_GPGRT__RESTRICT data, size_t data_n, size_t data_len, - size_t block_size, unsigned int grow, + size_t block_size, unsigned int grow, unsigned int wipe, func_realloc_t func_realloc, func_free_t func_free, unsigned int modeflags, size_t memory_limit) @@ -683,6 +696,7 @@ func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie, mem_cookie->data_len = data_len; mem_cookie->block_size = block_size; mem_cookie->flags.grow = !!grow; + mem_cookie->flags.wipe = !!wipe; mem_cookie->func_realloc = grow? (func_realloc ? func_realloc : mem_realloc) : NULL; mem_cookie->func_free = func_free ? func_free : mem_free; @@ -934,6 +948,8 @@ func_mem_destroy (void *cookie) if (cookie) { + if (mem_cookie->flags.wipe) + _gpgrt_wipememory (mem_cookie->memory, mem_cookie->memory_size); mem_cookie->func_free (mem_cookie->memory); mem_free (mem_cookie); } @@ -2049,6 +2065,7 @@ func_file_create_w32 (void **cookie, HANDLE *rethd, const char *path, #define X_SYSOPEN (1 << 1) #define X_POLLABLE (1 << 2) #define X_SEQUENTIAL (1 << 3) +#define X_WIPE (1 << 4) /* Parse the mode flags of fopen et al. In addition to the POSIX * defined mode flags keyword parameters are supported. These are 
@@ -2100,6 +2117,10 @@ func_file_create_w32 (void **cookie, HANDLE *rethd, const char *path, * Indicate that the file will in general be access in sequential * way. On Windows FILE_FLAG_SEQUENTIAL_SCAN will thus be used. * + * wipe + * + * Overwrites internal buffers at fclose time. + * * Note: R_CMODE is optional because is only required by functions * which are able to creat a file. */ @@ -2240,6 +2261,16 @@ parse_mode (const char *modestr, } *r_xmode |= X_SEQUENTIAL; } + else if (!strncmp (modestr, "wipe", 4)) + { + modestr += 10; + if (*modestr && !strchr (" \t,", *modestr)) + { + _set_errno (EINVAL); + return -1; + } + *r_xmode |= X_WIPE; + } } if (!got_cmode) cmode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); @@ -2436,6 +2467,7 @@ init_stream_obj (estream_t stream, stream->intern->printable_fname = NULL; stream->intern->printable_fname_inuse = 0; stream->intern->samethread = !! (xmode & X_SAMETHREAD); + stream->intern->wipe = !! (xmode & X_WIPE); stream->intern->onclose = NULL; stream->data_len = 0; @@ -2636,8 +2668,10 @@ do_close (estream_t stream, int cancel_mode, int with_locked_list) err = deinit_stream_obj (stream); destroy_stream_lock (stream); if (stream->intern->deallocate_buffer) - mem_free (stream->buffer); - mem_free (stream->intern); + mem_free2 (stream->buffer, stream->buffer_size, stream->intern->wipe); + + mem_free2 (stream->intern, sizeof (struct _gpgrt_stream_internal), + stream->intern->wipe); mem_free (stream); } else @@ -3289,7 +3323,7 @@ doreadline (estream_t _GPGRT__RESTRICT stream, size_t max_length, line_stream_cookie = NULL; err = func_mem_create (&line_stream_cookie, NULL, 0, 0, - BUFFER_BLOCK_SIZE, 1, + BUFFER_BLOCK_SIZE, 1, stream->intern->wipe, mem_realloc, mem_free, O_RDWR, 0); 
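Review bot: In the new `"wipe"` branch of parse_mode, `modestr += 10;` advances ten characters although the keyword matched by `strncmp (modestr, "wipe", 4)` is only four long; the offset looks like it was copied from the `sequential` branch just above. For a mode string such as `"w,wipe"` the pointer ends up past the terminating NUL, so the following `*modestr` test reads out of bounds, and for longer strings any keyword placed after `wipe` is silently skipped or wrongly rejected with EINVAL. The line should be `modestr += 4;`. parse_mode begins and ends outside this hunk.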
@@ -3455,7 +3489,7 @@ es_set_buffering (estream_t _GPGRT__RESTRICT stream, if (stream->intern->deallocate_buffer) { stream->intern->deallocate_buffer = 0; - mem_free (stream->buffer); + mem_free2 (stream->buffer, stream->buffer_size, stream->intern->wipe); stream->buffer = NULL; } @@ -3591,7 +3625,7 @@ _gpgrt_fopen (const char *_GPGRT__RESTRICT path, /* Create a new estream object in memory. If DATA is not NULL this buffer will be used as the memory buffer; thus after this functions - returns with the success the the memory at DATA belongs to the new + returns with the success the memory at DATA belongs to the new estream. The allocated length of DATA is given by DATA_LEN and its used length by DATA_N. Usually this is malloced buffer; if a static buffer is provided, the caller must pass false for GROW and @@ -3621,7 +3655,7 @@ _gpgrt_mopen (void *_GPGRT__RESTRICT data, size_t data_n, size_t data_len, goto out; err = func_mem_create (&cookie, data, data_n, data_len, - BUFFER_BLOCK_SIZE, grow, + BUFFER_BLOCK_SIZE, grow, (xmode & X_WIPE), func_realloc, func_free, modeflags, 0); if (err) goto out; @@ -3656,7 +3690,7 @@ _gpgrt_fopenmem (size_t memlimit, const char *_GPGRT__RESTRICT mode) modeflags |= O_RDWR; if (func_mem_create (&cookie, NULL, 0, 0, - BUFFER_BLOCK_SIZE, 1, + BUFFER_BLOCK_SIZE, 1, (xmode & X_WIPE), mem_realloc, mem_free, modeflags, memlimit)) return NULL; diff --git a/src/gpgrt-int.h b/src/gpgrt-int.h index 410c483..4ed64be 100644 --- a/src/gpgrt-int.h +++ b/src/gpgrt-int.h @@ -303,6 +303,7 @@ struct _gpgrt_stream_internal unsigned int stdstream_fd:2; /* 0, 1 or 2 for a standard stream. */ unsigned int printable_fname_inuse: 1; /* es_fname_get has been used. */ unsigned int samethread: 1; /* The "samethread" mode keyword. */ + unsigned int wipe: 1; /* The "wipe" mode keyword. */ size_t print_ntotal; /* Bytes written from in print_writer. */ notify_list_t onclose; /* On close notify function list. */ }; |