Date: Mon, 30 Nov 2015 21:23:01 GMT From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r294582 - soc2013/def/crashdump-head/sbin/dumpon Message-ID: <201511302123.tAULN1wv057301@socsvn.freebsd.org>
Author: def
Date: Mon Nov 30 21:23:00 2015
New Revision: 294582
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=294582
Log:
Don't free resources but exit immediately after an error. Clear keys after use.
Modified:
soc2013/def/crashdump-head/sbin/dumpon/dumpon.c
Modified: soc2013/def/crashdump-head/sbin/dumpon/dumpon.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/dumpon/dumpon.c Mon Nov 30 21:19:16 2015 (r294581)
+++ soc2013/def/crashdump-head/sbin/dumpon/dumpon.c Mon Nov 30 21:23:00 2015 (r294582)
@@ -113,56 +113,39 @@
 pubkey = NULL;
 fp = fopen(pubkeyfile, "r");
- if (fp == NULL) {
- warn("Unable to open %s", pubkeyfile);
- goto failed;
- }
+ if (fp == NULL)
+ err(1, "Unable to open %s", pubkeyfile);
- if (cap_enter() == -1) {
- warn("Unable to enter capability mode");
- goto failed;
- }
+ if (cap_enter() == -1)
+ err(1, "Unable to enter capability mode");
 pubkey = RSA_new();
 if (pubkey == NULL) {
- warnx("Unable to allocate an RSA structure: %s",
+ errx(1, "Unable to allocate an RSA structure: %s",
 ERR_error_string(ERR_get_error(), NULL));
- goto failed;
 }
 pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
 fclose(fp);
 fp = NULL;
- if (pubkey == NULL) {
- warnx("Unable to read data from %s.", pubkeyfile);
- goto failed;
- }
+ if (pubkey == NULL)
+ errx(1, "Unable to read data from %s.", pubkeyfile);
 kda->kda_encryptedkeysize = RSA_size(pubkey);
 kda->kda_encryptedkey = calloc(1, kda->kda_encryptedkeysize);
- if (kda->kda_encryptedkey == NULL) {
- warn("Unable to allocate encrypted key");
- goto failed;
- }
+ if (kda->kda_encryptedkey == NULL)
+ err(1, "Unable to allocate encrypted key");
+ kda->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
 arc4random_buf(kda->kda_key, sizeof(kda->kda_key));
 if (RSA_public_encrypt(sizeof(kda->kda_key), kda->kda_key, kda->kda_encryptedkey, pubkey, RSA_PKCS1_PADDING) != (int)kda->kda_encryptedkeysize) {
- warn("Unable to encrypt the one-time key");
- goto failed;
+ errx(1, "Unable to encrypt the one-time key.");
 }
 RSA_free(pubkey);
- pubkey = NULL;
 kda->kda_encrypt = 1;
- return;
-failed:
- if (fp != NULL)
- fclose(fp);
- free(kda->kda_encryptedkey);
- RSA_free(pubkey);
- exit(1);
 }
 static void
@@ -200,7 +183,6 @@
 int i, fd;
 int do_listdumpdev = 0;
- bzero(&kda, sizeof(kda));
 pubkeyfile = NULL;
 while ((ch = getopt(argc, argv, "k:lv")) != -1)
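Review bot: The `RSA_public_encrypt()` failure branch now exits with `errx(1, "Unable to encrypt the one-time key.")` and gives no reason, whereas the `RSA_new()` branch earlier in this hunk appends the OpenSSL error text. Dropping `warn()` is right because errno is not meaningful there, but the OpenSSL error queue is, so I would write `errx(1, "Unable to encrypt the one-time key: %s", ERR_error_string(ERR_get_error(), NULL));`. One plausible way to reach this branch is a public key whose modulus is too small to hold `sizeof(kda->kda_key)` bytes plus PKCS#1 padding, and without the library's message the operator cannot tell that from any other failure. The enclosing function (apparently the `genkey()` called in the last hunk) starts outside this hunk.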
@@ -234,12 +216,15 @@
 if (fd < 0)
 err(EX_OSFILE, "%s", argv[0]);
 check_size(fd, argv[0]);
+ bzero(&kda, sizeof(kda));
 kda.kda_enable = 0;
 i = ioctl(fd, DIOCSEKCD, &kda);
+ bzero(&kda, sizeof(kda));
 if (pubkeyfile != NULL)
 genkey(pubkeyfile, &kda);
 kda.kda_enable = 1;
 i = ioctl(fd, DIOCSEKCD, &kda);
+ bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize);
 free(kda.kda_encryptedkey);
 bzero(&kda, sizeof(kda));
 if (i == 0 && verbose)
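Review bot: The key clearing here uses plain `bzero()`, which an optimising compiler is allowed to drop as a dead store. That applies to the added `bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize)` right before `free()`, and to the closing `bzero(&kda, sizeof(kda))`, which wipes a local that, as far as this hunk shows, is not read again. `kda.kda_key` holds the plaintext one-time key at that point, so the last clear is the one that matters most; I would use `explicit_bzero(&kda, sizeof(kda));` and `explicit_bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize);` so the wipe survives optimisation. The enclosing function (apparently `main()`) starts and ends outside this hunk, so later reads of `kda` cannot be ruled out from here.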