socsvn commit: r294582 - soc2013/def/crashdump-head/sbin/dumpon
def at FreeBSD.org
def at FreeBSD.org
Mon Nov 30 21:23:02 UTC 2015
Author: def
Date: Mon Nov 30 21:23:00 2015
New Revision: 294582
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=294582
Log:
Don't free resources but exit immediately after an error. Clear keys after use.
Modified:
soc2013/def/crashdump-head/sbin/dumpon/dumpon.c
Modified: soc2013/def/crashdump-head/sbin/dumpon/dumpon.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/dumpon/dumpon.c Mon Nov 30 21:19:16 2015 (r294581)
+++ soc2013/def/crashdump-head/sbin/dumpon/dumpon.c Mon Nov 30 21:23:00 2015 (r294582)
@@ -113,56 +113,39 @@
pubkey = NULL;
fp = fopen(pubkeyfile, "r");
- if (fp == NULL) {
- warn("Unable to open %s", pubkeyfile);
- goto failed;
- }
+ if (fp == NULL)
+ err(1, "Unable to open %s", pubkeyfile);
- if (cap_enter() == -1) {
- warn("Unable to enter capability mode");
- goto failed;
- }
+ if (cap_enter() == -1)
+ err(1, "Unable to enter capability mode");
pubkey = RSA_new();
if (pubkey == NULL) {
- warnx("Unable to allocate an RSA structure: %s",
+ errx(1, "Unable to allocate an RSA structure: %s",
ERR_error_string(ERR_get_error(), NULL));
- goto failed;
}
pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
fclose(fp);
fp = NULL;
- if (pubkey == NULL) {
- warnx("Unable to read data from %s.", pubkeyfile);
- goto failed;
- }
+ if (pubkey == NULL)
+ errx(1, "Unable to read data from %s.", pubkeyfile);
kda->kda_encryptedkeysize = RSA_size(pubkey);
kda->kda_encryptedkey = calloc(1, kda->kda_encryptedkeysize);
- if (kda->kda_encryptedkey == NULL) {
- warn("Unable to allocate encrypted key");
- goto failed;
- }
+ if (kda->kda_encryptedkey == NULL)
+ err(1, "Unable to allocate encrypted key");
+ kda->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
arc4random_buf(kda->kda_key, sizeof(kda->kda_key));
if (RSA_public_encrypt(sizeof(kda->kda_key), kda->kda_key,
kda->kda_encryptedkey, pubkey,
RSA_PKCS1_PADDING) != (int)kda->kda_encryptedkeysize) {
- warn("Unable to encrypt the one-time key");
- goto failed;
+ errx(1, "Unable to encrypt the one-time key.");
}
RSA_free(pubkey);
- pubkey = NULL;
kda->kda_encrypt = 1;
- return;
-failed:
- if (fp != NULL)
- fclose(fp);
- free(kda->kda_encryptedkey);
- RSA_free(pubkey);
- exit(1);
}
static void
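Review bot: The failure branches for `PEM_read_RSA_PUBKEY` and `RSA_public_encrypt` now exit without printing the OpenSSL error queue, while the `RSA_new` branch in the same hunk does print it, so a malformed or unsuitable public key gives the operator no reason. Consider `errx(1, "Unable to encrypt the one-time key: %s", ERR_error_string(ERR_get_error(), NULL));` and the same `%s` suffix on the "Unable to read data from %s." message. Separately, the one-time key is wrapped with `RSA_PKCS1_PADDING` (PKCS#1 v1.5); `RSA_PKCS1_OAEP_PADDING` is the usual choice for new key-wrapping code, though the decrypting side is not visible here and would have to change with it. The function begins outside the hunk, so earlier state is not covered by this note.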
@@ -200,7 +183,6 @@
int i, fd;
int do_listdumpdev = 0;
- bzero(&kda, sizeof(kda));
pubkeyfile = NULL;
while ((ch = getopt(argc, argv, "k:lv")) != -1)
@@ -234,12 +216,15 @@
if (fd < 0)
err(EX_OSFILE, "%s", argv[0]);
check_size(fd, argv[0]);
+ bzero(&kda, sizeof(kda));
kda.kda_enable = 0;
i = ioctl(fd, DIOCSEKCD, &kda);
+ bzero(&kda, sizeof(kda));
if (pubkeyfile != NULL)
genkey(pubkeyfile, &kda);
kda.kda_enable = 1;
i = ioctl(fd, DIOCSEKCD, &kda);
+ bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize);
free(kda.kda_encryptedkey);
bzero(&kda, sizeof(kda));
if (i == 0 && verbose)
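Review bot: The `bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize)` added directly before `free()` is a dead store that an optimizing compiler is allowed to drop. The same applies to the final `bzero(&kda, sizeof(kda))` if `kda` is not read afterwards (the rest of main is outside the hunk), and that call is the one that covers the plaintext `kda_key`. Where the libc provides it, use `explicit_bzero(&kda, sizeof(kda));` and likewise for the encrypted-key buffer, so the clearing promised in the log message survives optimization. The result of the first `ioctl(fd, DIOCSEKCD, &kda)` is also overwritten without being checked, so a failure to disable the previous configuration would go unnoticed.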