[gnutls-devel] GnuTLS | Use custom allocators for GMP to make sure temporary secrets (41c9c845)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Aug 20 16:38:41 CEST 2022
Luke D'Alessandro started a new discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/commit/41c9c845a342359327403431050d3458246896af#note_1071304858
> +
> + /* Check if non-default allocators are being used.
> + * Some applications like guile override GMP allocators
> + * with GC capable alternatives. Do nothing if this is
> + * the case.
> + */
> + mp_get_memory_functions(&allocfunc, &reallocfunc, &freefunc);
> + mp_set_memory_functions(NULL, NULL, NULL);
> + mp_get_memory_functions(&defallocfunc, &defreallocfunc, &deffreefunc);
> + if (reallocfunc != defreallocfunc || freefunc != deffreefunc) {
> + mp_set_memory_functions(allocfunc, reallocfunc, freefunc);
> + return (0);
> + }
> +
> + /* Overload GMP allocators with safe alternatives */
> + mp_set_memory_functions(NULL, gnutls_realloc_zero, gnutls_free_zero);
This causes a segfault during `__run_exit_handlers` if `libgnutls.so` is unloaded before GMP tries to free memory. See issue 1398. I think gnutls needs to at least store the previous functions and restore them as part of `gnutls_crypto_deinit()`. Assuming this gets called prior to `exit()` it will avoid the issue.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/41c9c845a342359327403431050d3458246896af#note_1071304858
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220820/672044ab/attachment-0001.html>
More information about the Gnutls-devel
mailing list