diff options
| -rw-r--r-- | cli-main.c | 2 | ||||
| -rw-r--r-- | dbutil.c | 6 | ||||
| -rw-r--r-- | dbutil.h | 1 | ||||
| -rw-r--r-- | includes.h | 1 | ||||
| -rw-r--r-- | packet.c | 4 | ||||
| -rw-r--r-- | process-packet.c | 1 | ||||
| -rw-r--r-- | svr-main.c | 2 |
7 files changed, 12 insertions, 5 deletions
@@ -47,6 +47,8 @@ int main(int argc, char ** argv) { _dropbear_exit = cli_dropbear_exit; _dropbear_log = cli_dropbear_log; + disallow_core(); + cli_getopts(argc, argv); TRACE(("user='%s' host='%s' port='%s'", cli_opts.username, @@ -693,3 +693,9 @@ void setnonblocking(int fd) { } TRACE(("leave setnonblocking")) } + +void disallow_core() { + struct rlimit lim; + lim.rlim_cur = lim.rlim_max = 0; + setrlimit(RLIMIT_CORE, &lim); +} @@ -63,6 +63,7 @@ void * m_realloc(void* ptr, size_t size); void __m_free(void* ptr); void m_burn(void* data, unsigned int len); void setnonblocking(int fd); +void disallow_core(); /* Used to force mp_ints to be initialised */ #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} @@ -38,6 +38,7 @@ #include <sys/time.h> #include <sys/un.h> #include <sys/wait.h> +#include <sys/resource.h> #include <stdio.h> #include <errno.h> @@ -446,10 +446,6 @@ void encrypt_packet() { } /* finished with payload */ - buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't - _that_ likely to hurt performance too badly. - Buffers can have cleartext passwords etc, or - other sensitive data */ buf_setpos(ses.writepayload, 0); buf_setlen(ses.writepayload, 0); diff --git a/process-packet.c b/process-packet.c index 07fc130..ba39d9f 100644 --- a/process-packet.c +++ b/process-packet.c @@ -119,7 +119,6 @@ void process_packet() { recv_unimplemented(); out: - buf_burn(ses.payload); /* Clear the memory to avoid swapping it out */ buf_free(ses.payload); ses.payload = NULL; @@ -52,6 +52,8 @@ int main(int argc, char ** argv) _dropbear_exit = svr_dropbear_exit; _dropbear_log = svr_dropbear_log; + disallow_core(); + /* get commandline options */ svr_getopts(argc, argv); |