km
5434aa5197
重複コードの解消: - src/se050_scp03.c と src/se050_keystore.c に同じコードが 2 重に定義されていた - 共通ヘッダー include/se050_mem_protect.h を作成 - 両方のソースファイルから重複コードを削除し、ヘッダーをインクルード 変更内容: - new: include/se050_mem_protect.h - 共通メモリ保護ユーティリティ - modified: src/se050_scp03.c - 重複コード削除、ヘッダーインクルード - modified: src/se050_keystore.c - 重複コード削除、ヘッダーインクルード メリット: - コードの重複解消(DRY 原則) - 保守性向上(1 か所の修正で全適用) - ヘッダーファイルとして再利用可能
93 lines
2.5 KiB
C
93 lines
2.5 KiB
C
/**
|
|
* @file se050_mem_protect.h
|
|
* @brief Memory Protection Utilities
|
|
*
|
|
* Linux-specific memory protection functions to prevent:
|
|
* - Swapping sensitive data to disk (mlock)
|
|
* - Core dump leakage (MADV_DONTDUMP)
|
|
* - Child process leakage after fork() (MADV_WIPEONFORK)
|
|
*
|
|
* License: MIT
|
|
*/
|
|
|
|
#ifndef SE050_MEM_PROTECT_H
|
|
#define SE050_MEM_PROTECT_H
|
|
|
|
#include <stddef.h>
|
|
#include "se050_wireguard.h"
|
|
|
|
#ifdef __linux__
|
|
#include <sys/mman.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#endif
|
|
|
|
/**
|
|
* @brief Protect sensitive memory from being swapped or dumped
|
|
*
|
|
* Applies multiple security measures:
|
|
* - mlock(): Prevent swapping to disk
|
|
* - MADV_DONTDUMP: Exclude from core dumps
|
|
* - MADV_WIPEONFORK: Clear in child processes after fork()
|
|
*
|
|
* @param ptr Pointer to memory region to protect
|
|
* @param size Size of memory region in bytes
|
|
* @return SE050_OK on success, SE050_ERR_FAIL on failure
|
|
*
|
|
* @note On Linux, mlock may fail due to permissions. If it fails,
|
|
* a warning is printed but the function continues (non-fatal).
|
|
* @note On non-Linux platforms, this function is a no-op.
|
|
*/
|
|
static inline se050_status_t protect_sensitive_memory(void *ptr, size_t size)
|
|
{
|
|
#ifdef __linux__
|
|
/* 1. Prevent swapping to disk (optional - may fail due to permissions) */
|
|
if (mlock(ptr, size) != 0) {
|
|
/* mlock may fail due to ulimit restrictions. Log warning but continue. */
|
|
fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
|
|
/* Continue without mlock - better than failing entirely */
|
|
}
|
|
|
|
/* 2. Exclude from core dumps */
|
|
if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
|
|
perror("madvise MADV_DONTDUMP failed");
|
|
/* Non-fatal, continue */
|
|
}
|
|
|
|
/* 3. Clear in child processes after fork() */
|
|
if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
|
|
perror("madvise MADV_WIPEONFORK failed");
|
|
/* Non-fatal, continue */
|
|
}
|
|
|
|
return SE050_OK;
|
|
#else
|
|
/* Non-Linux platforms: no special protection */
|
|
(void)ptr;
|
|
(void)size;
|
|
return SE050_OK;
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* @brief Release memory protection before freeing
|
|
*
|
|
* Must be called before freeing protected memory.
|
|
*
|
|
* @param ptr Pointer to memory region to release
|
|
* @param size Size of memory region in bytes
|
|
*/
|
|
static inline void release_memory_protection(void *ptr, size_t size)
|
|
{
|
|
#ifdef __linux__
|
|
/* Must unlock before freeing */
|
|
munlock(ptr, size);
|
|
#else
|
|
(void)ptr;
|
|
(void)size;
|
|
#endif
|
|
}
|
|
|
|
#endif /* SE050_MEM_PROTECT_H */
|