security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Code Activity

common: Avoid excessive stack use.

Browse Source 
* common/exectool.c (copy_buffer_shred): Make passing NULL a nop.
(gnupg_exec_tool_stream): Allocate copy buffers from the heap.

Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2016-07-26 14:49:02 +02:00
parent 35132a8b11
commit b3610badf6
1 changed files with 39 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
common/exectool.c
View File

@ -214,6 +214,8 @@ copy_buffer_init (struct copy_buffer *c)
static void static void
copy_buffer_shred (struct copy_buffer *c) copy_buffer_shred (struct copy_buffer *c)
{ {
if (c == NULL)
return;
wipememory (c->buffer, sizeof c->buffer); wipememory (c->buffer, sizeof c->buffer);
c->writep = NULL; c->writep = NULL;
c->nread = ~0U; c->nread = ~0U;
@ -316,13 +318,34 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
int argsaveidx; int argsaveidx;
int count; int count;
read_and_log_buffer_t fderrstate; read_and_log_buffer_t fderrstate;
struct copy_buffer cpbuf_in, cpbuf_out, cpbuf_extra; /* Fixme: malloc them. */ struct copy_buffer *cpbuf_in = NULL, *cpbuf_out = NULL, *cpbuf_extra = NULL;
memset (fds, 0, sizeof fds); memset (fds, 0, sizeof fds);
memset (&fderrstate, 0, sizeof fderrstate); memset (&fderrstate, 0, sizeof fderrstate);
copy_buffer_init (&cpbuf_in);
copy_buffer_init (&cpbuf_out); cpbuf_in = xtrymalloc (sizeof *cpbuf_in);
copy_buffer_init (&cpbuf_extra); if (cpbuf_in == NULL)
{
err = my_error_from_syserror ();
goto leave;
}
copy_buffer_init (cpbuf_in);
cpbuf_out = xtrymalloc (sizeof *cpbuf_out);
if (cpbuf_out == NULL)
{
err = my_error_from_syserror ();
goto leave;
}
copy_buffer_init (cpbuf_out);
cpbuf_extra = xtrymalloc (sizeof *cpbuf_extra);
if (cpbuf_extra == NULL)
{
err = my_error_from_syserror ();
goto leave;
}
copy_buffer_init (cpbuf_extra);
fderrstate.pgmname = pgmname; fderrstate.pgmname = pgmname;
fderrstate.status_cb = status_cb; fderrstate.status_cb = status_cb;
@ -408,7 +431,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
if (fds[0].got_write) if (fds[0].got_write)
{ {
err = copy_buffer_do_copy (&cpbuf_in, input, fds[0].stream); err = copy_buffer_do_copy (cpbuf_in, input, fds[0].stream);
if (err) if (err)
{ {
log_error ("error feeding data to '%s': %s\n", log_error ("error feeding data to '%s': %s\n",
@ -418,7 +441,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
if (es_feof (input)) if (es_feof (input))
{ {
err = copy_buffer_flush (&cpbuf_in, fds[0].stream); err = copy_buffer_flush (cpbuf_in, fds[0].stream);
if (err) if (err)
{ {
log_error ("error feeding data to '%s': %s\n", log_error ("error feeding data to '%s': %s\n",
@ -434,7 +457,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
if (fds[3].got_write) if (fds[3].got_write)
{ {
log_assert (inextra); log_assert (inextra);
err = copy_buffer_do_copy (&cpbuf_extra, inextra, fds[3].stream); err = copy_buffer_do_copy (cpbuf_extra, inextra, fds[3].stream);
if (err) if (err)
{ {
log_error ("error feeding data to '%s': %s\n", log_error ("error feeding data to '%s': %s\n",
@ -444,7 +467,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
if (es_feof (inextra)) if (es_feof (inextra))
{ {
err = copy_buffer_flush (&cpbuf_extra, fds[3].stream); err = copy_buffer_flush (cpbuf_extra, fds[3].stream);
if (err) if (err)
{ {
log_error ("error feeding data to '%s': %s\n", log_error ("error feeding data to '%s': %s\n",
@ -459,7 +482,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
if (fds[1].got_read) if (fds[1].got_read)
{ {
err = copy_buffer_do_copy (&cpbuf_out, fds[1].stream, output); err = copy_buffer_do_copy (cpbuf_out, fds[1].stream, output);
if (err) if (err)
{ {
log_error ("error reading data from '%s': %s\n", log_error ("error reading data from '%s': %s\n",
@ -469,7 +492,7 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
if (es_feof (fds[1].stream)) if (es_feof (fds[1].stream))
{ {
err = copy_buffer_flush (&cpbuf_out, output); err = copy_buffer_flush (cpbuf_out, output);
if (err) if (err)
{ {
log_error ("error reading data from '%s': %s\n", log_error ("error reading data from '%s': %s\n",
@ -506,10 +529,12 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
gnupg_wait_process (pgmname, pid, 1, NULL); gnupg_wait_process (pgmname, pid, 1, NULL);
gnupg_release_process (pid); gnupg_release_process (pid);
copy_buffer_shred (&cpbuf_in); copy_buffer_shred (cpbuf_in);
copy_buffer_shred (&cpbuf_out); xfree (cpbuf_in);
if (inextra) copy_buffer_shred (cpbuf_out);
copy_buffer_shred (&cpbuf_extra); xfree (cpbuf_out);
copy_buffer_shred (cpbuf_extra);
xfree (cpbuf_extra);
xfree (fderrstate.buffer); xfree (fderrstate.buffer);
return err; return err;
} }