summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_pk1.c
diff options
context:
space:
mode:
authordjm <>2008-12-29 22:25:50 +0000
committerdjm <>2008-12-29 22:25:50 +0000
commitfd51a00555abf87dae44d852272f90de6709895d (patch)
tree98faf6e6f7899c0929ab660551964d3931213b49 /src/lib/libcrypto/rsa/rsa_pk1.c
parent79eae3468ef3216f558705406485fa84c61ff505 (diff)
downloadopenbsd-fd51a00555abf87dae44d852272f90de6709895d.tar.gz
openbsd-fd51a00555abf87dae44d852272f90de6709895d.tar.bz2
openbsd-fd51a00555abf87dae44d852272f90de6709895d.zip
extra paranoia for malloc(3):
Move all runtime options into a structure that is made read-only (via mprotect) after initialisation to protect against attacks that overwrite options to turn off malloc protections (e.g. use-after-free) Allocate the main bookkeeping data (struct dir_info) using mmap(), thereby giving it an unpredictable address. Place a PROT_NONE guard page on either side to further frustrate attacks on it. Add a new 'L' option that maps struct dir_info PROT_NONE except when in the allocator code itself. Makes attacks on it basically impossible. feedback tedu deraadt otto canacar ok otto
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_pk1.c')
0 files changed, 0 insertions, 0 deletions