The unified diff between revisions [275bf5c6..] and [fc57c894..] is displayed below. It can also be downloaded as a raw diff.
#
#
# patch "cli-main.c"
# from [b8bdcc79de3defcd4691630a5d612a55fb9f7f9d]
# to [ba080ad9e807acfcee3fa0debc7be6c426f22887]
#
# patch "dbutil.c"
# from [1877a52778c8265a9eb5ddd9f3a689cb657628aa]
# to [7a6008f4e2b73757a7020a92188704d6a0e0fc16]
#
# patch "dbutil.h"
# from [80bc2ed10e5685a75b4443d9eceadf5159889df9]
# to [35c9134a3e3f73d463f960e020882b2c7ea870ef]
#
# patch "includes.h"
# from [cd7f0b958e52970cf042fdc28f5d76e4babcd0ef]
# to [7af72cca59d29e02cd3521d876f89005c6a791c6]
#
# patch "packet.c"
# from [6ec289d04a1bb71593461e80acce2d37fa1eb536]
# to [ee38e4e0324dc12edfa2dd7d8f48d093467f4c58]
#
# patch "process-packet.c"
# from [0ec13e8cbeb405c6ba9dfea3720393db5c6ebfe6]
# to [6633b32f378eaa78928adbdb514cc2515f951890]
#
# patch "svr-main.c"
# from [1d0573949dc087639e488f50356b0f84511b9c5f]
# to [12d6c850de3d3a66360b2e8d0dd24de492c9a9ed]
#
============================================================
--- cli-main.c b8bdcc79de3defcd4691630a5d612a55fb9f7f9d
+++ cli-main.c ba080ad9e807acfcee3fa0debc7be6c426f22887
@@ -47,6 +47,8 @@ int main(int argc, char ** argv) {
_dropbear_exit = cli_dropbear_exit;
_dropbear_log = cli_dropbear_log;
+ disallow_core();
+
cli_getopts(argc, argv);
TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
============================================================
--- dbutil.c 1877a52778c8265a9eb5ddd9f3a689cb657628aa
+++ dbutil.c 7a6008f4e2b73757a7020a92188704d6a0e0fc16
@@ -693,3 +693,9 @@ void setnonblocking(int fd) {
}
TRACE(("leave setnonblocking"))
}
+
+void disallow_core() {
+ struct rlimit lim;
+ lim.rlim_cur = lim.rlim_max = 0;
+ setrlimit(RLIMIT_CORE, &lim);
+}
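Review bot: The return value of `setrlimit(RLIMIT_CORE, &lim)` in `disallow_core()` is ignored, so a failure leaves core dumps enabled with no trace; check it and report it, e.g. `if (setrlimit(RLIMIT_CORE, &lim) < 0) { TRACE(("warning, core dumps not disabled")) }`. This matters more because the same commit drops `buf_burn(ses.writepayload)` in packet.c and `buf_burn(ses.payload)` in process-packet.c. A zero core limit only suppresses core files, whereas the removed comments cite cleartext passwords and swap-out, which the limit does not cover. Unless the buffers are scrubbed somewhere not shown in this diff (for instance inside `buf_free`), I would keep both burns. A short comment above the function, such as `/* Stop the kernel writing core files, which could contain keys or passwords */`, would also record why it exists.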
============================================================
--- dbutil.h 80bc2ed10e5685a75b4443d9eceadf5159889df9
+++ dbutil.h 35c9134a3e3f73d463f960e020882b2c7ea870ef
@@ -63,6 +63,7 @@ void setnonblocking(int fd);
void __m_free(void* ptr);
void m_burn(void* data, unsigned int len);
void setnonblocking(int fd);
+void disallow_core();
/* Used to force mp_ints to be initialised */
#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
============================================================
--- includes.h cd7f0b958e52970cf042fdc28f5d76e4babcd0ef
+++ includes.h 7af72cca59d29e02cd3521d876f89005c6a791c6
@@ -38,6 +38,7 @@
#include <sys/time.h>
#include <sys/un.h>
#include <sys/wait.h>
+#include <sys/resource.h>
#include <stdio.h>
#include <errno.h>
============================================================
--- packet.c 6ec289d04a1bb71593461e80acce2d37fa1eb536
+++ packet.c ee38e4e0324dc12edfa2dd7d8f48d093467f4c58
@@ -446,10 +446,6 @@ void encrypt_packet() {
}
/* finished with payload */
- buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't
- _that_ likely to hurt performance too badly.
- Buffers can have cleartext passwords etc, or
- other sensitive data */
buf_setpos(ses.writepayload, 0);
buf_setlen(ses.writepayload, 0);
============================================================
--- process-packet.c 0ec13e8cbeb405c6ba9dfea3720393db5c6ebfe6
+++ process-packet.c 6633b32f378eaa78928adbdb514cc2515f951890
@@ -119,7 +119,6 @@ out:
recv_unimplemented();
out:
- buf_burn(ses.payload); /* Clear the memory to avoid swapping it out */
buf_free(ses.payload);
ses.payload = NULL;
============================================================
--- svr-main.c 1d0573949dc087639e488f50356b0f84511b9c5f
+++ svr-main.c 12d6c850de3d3a66360b2e8d0dd24de492c9a9ed
@@ -52,6 +52,8 @@ int main(int argc, char ** argv)
_dropbear_exit = svr_dropbear_exit;
_dropbear_log = svr_dropbear_log;
+ disallow_core();
+
/* get commandline options */
svr_getopts(argc, argv);
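Review bot: Because `disallow_core()` is called at the top of the server's `main` and sets the hard limit (`rlim_max`) to 0, every process later descended from the server would appear to inherit a core limit that an unprivileged user cannot raise again. Whether the session code resets resource limits before exec'ing the user's shell is not visible in this diff; if it does not, users who log in lose core dumps for their own programs. Consider restoring the original limit in the child before the shell is exec'd, or at least record the side effect at the call with a comment such as `/* limits are inherited: this also applies to user sessions */`. main's body continues outside the hunk.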