socsvn commit: r294582 - soc2013/def/crashdump-head/sbin/dumpon

[def at FreeBSD.org]

Author: def
Date: Mon Nov 30 21:23:00 2015
New Revision: 294582
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=294582

Log:
  Don't free resources but exit immediately after an error. Clear keys after use.

Modified:
  soc2013/def/crashdump-head/sbin/dumpon/dumpon.c

Modified: soc2013/def/crashdump-head/sbin/dumpon/dumpon.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/dumpon/dumpon.c	Mon Nov 30 21:19:16 2015	(r294581)
+++ soc2013/def/crashdump-head/sbin/dumpon/dumpon.c	Mon Nov 30 21:23:00 2015	(r294582)
@@ -113,56 +113,39 @@
 	pubkey = NULL;
 
 	fp = fopen(pubkeyfile, "r");
-	if (fp == NULL) {
-		warn("Unable to open %s", pubkeyfile);
-		goto failed;
-	}
+	if (fp == NULL)
+		err(1, "Unable to open %s", pubkeyfile);
 
-	if (cap_enter() == -1) {
-		warn("Unable to enter capability mode");
-		goto failed;
-	}
+	if (cap_enter() == -1)
+		err(1, "Unable to enter capability mode");
 
 	pubkey = RSA_new();
 	if (pubkey == NULL) {
-		warnx("Unable to allocate an RSA structure: %s",
+		errx(1, "Unable to allocate an RSA structure: %s",
 		    ERR_error_string(ERR_get_error(), NULL));
-		goto failed;
 	}
 
 	pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
 	fclose(fp);
 	fp = NULL;
-	if (pubkey == NULL) {
-		warnx("Unable to read data from %s.", pubkeyfile);
-		goto failed;
-	}
+	if (pubkey == NULL)
+		errx(1, "Unable to read data from %s.", pubkeyfile);
 
 	kda->kda_encryptedkeysize = RSA_size(pubkey);
 	kda->kda_encryptedkey = calloc(1, kda->kda_encryptedkeysize);
-	if (kda->kda_encryptedkey == NULL) {
-		warn("Unable to allocate encrypted key");
-		goto failed;
-	}
+	if (kda->kda_encryptedkey == NULL)
+		err(1, "Unable to allocate encrypted key");
 
+	kda->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
 	arc4random_buf(kda->kda_key, sizeof(kda->kda_key));
 	if (RSA_public_encrypt(sizeof(kda->kda_key), kda->kda_key,
 	    kda->kda_encryptedkey, pubkey,
 	    RSA_PKCS1_PADDING) != (int)kda->kda_encryptedkeysize) {
-		warn("Unable to encrypt the one-time key");
-		goto failed;
+		errx(1, "Unable to encrypt the one-time key.");
 	}
 	RSA_free(pubkey);
-	pubkey = NULL;
 
 	kda->kda_encrypt = 1;
-	return;
-failed:
-	if (fp != NULL)
-		fclose(fp);
-	free(kda->kda_encryptedkey);
-	RSA_free(pubkey);
-	exit(1);
 }
 
 static void
@@ -200,7 +183,6 @@
 	int i, fd;
 	int do_listdumpdev = 0;
 
-	bzero(&kda, sizeof(kda));
 	pubkeyfile = NULL;
 
 	while ((ch = getopt(argc, argv, "k:lv")) != -1)
@@ -234,12 +216,15 @@
 		if (fd < 0)
 			err(EX_OSFILE, "%s", argv[0]);
 		check_size(fd, argv[0]);
+		bzero(&kda, sizeof(kda));
 		kda.kda_enable = 0;
 		i = ioctl(fd, DIOCSEKCD, &kda);
+		bzero(&kda, sizeof(kda));
 		if (pubkeyfile != NULL)
 			genkey(pubkeyfile, &kda);
 		kda.kda_enable = 1;
 		i = ioctl(fd, DIOCSEKCD, &kda);
+		bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize);
 		free(kda.kda_encryptedkey);
 		bzero(&kda, sizeof(kda));
 		if (i == 0 && verbose)