Allocate whole page(s) for each sc_mem_secure_alloc

sc_mem_secure_alloc uses calloc to allocate memory, but then uses mlock to try to lock the allocated memory. calloc may not necessarily return a page-aligned pointer, even if we request a whole page of memory. Instead we use aligned_alloc to ensure we get whole page(s) to ourselves for sc_mem_secure_alloc. Fixes OpenSC#3267 Thanks to Davis Gallinghouse @dgalling
frankmorgner · Nov 25, 2024 · f3659dd · f3659dd
1 parent 7f7e5dd
commit f3659dd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/doc/files/files.html b/doc/files/files.html
@@ -57,7 +57,7 @@
 						<code class="literal">HKEY_LOCAL_MACHINE</code> (if available)
 				</p></li><li class="listitem"><p>
 						system-wide configuration file
-						(<code class="literal">/etc/opensc.conf</code>)
+						(<code class="literal">/home/fm/.local/etc/opensc.conf</code>)
 				</p></li></ol></div><p>
 		</p><p>
 			The configuration file, <code class="literal">opensc.conf</code>, is composed
@@ -148,7 +148,7 @@
 						directory for
 						<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1).
 						</span>
-						(Default: <code class="literal">/usr/share/opensc</code>).
+						(Default: <code class="literal">/home/fm/.local/share/opensc</code>).
 					</p><p>
 						If this configuration value is not found on
 						Windows, the registry key
@@ -289,7 +289,7 @@
 								<code class="option">module_path = <em class="replaceable"><code>filename</code></em>;</code>
 							</span></dt><dd><p>
 									Directory with external SM module
-									(Default: /usr/lib64).
+									(Default: /home/fm/.local/lib).
 								</p><p>
 									If this configuration value is not
 									found on Windows, the registry key
@@ -1209,11 +1209,11 @@
 						PIV configuration during initialization
 						See Configuration Options for PIV Card.
 				</p></dd></dl></div></div><div class="refsect1"><a name="id-1.2.6"></a><h2>Files</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
-					<code class="filename">/etc/opensc.conf</code>
+					<code class="filename">/home/fm/.local/etc/opensc.conf</code>
 				</span></dt><dd><p>
 						System-wide configuration file
 				</p></dd><dt><span class="term">
-					<code class="filename">/usr/share/doc/opensc/opensc.conf</code>
+					<code class="filename">/home/fm/.local/share/doc/opensc/opensc.conf</code>
 				</span></dt><dd><p>
 						Extended example configuration file
 				</p></dd></dl></div></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="id-1.3.3"></a><h2>Description</h2><p>
@@ -1231,7 +1231,7 @@
 		</p><p>
 			The card specific profile contains additional information required during
 			card initialization, such as location of PIN files, key references etc.
-			Profiles currently reside in <code class="filename">/usr/share/opensc</code>
+			Profiles currently reside in <code class="filename">/home/fm/.local/share/opensc</code>
 		</p><p>
 			Basic PKCS#15 terminology:
 			</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>

diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
@@ -923,7 +923,7 @@ void *sc_mem_secure_alloc(size_t len)
 		len = pages * page_size;
 	}
 
-	p = calloc(1, len);
+	p = aligned_alloc(1, len);
 	if (p == NULL) {
 		return NULL;
 	}
@@ -932,6 +932,7 @@ void *sc_mem_secure_alloc(size_t len)
 #else
 	mlock(p, len);
 #endif
+	memset(p, 0, len);
 
 	return p;
 }