Don't include locked memory in coredumps

Linux 3.4+ supports a DONTDUMP advisory, which prevents memory from being included in coredumps.
2014-06-27 22:12:25 -07:00 · 2014-06-27 22:12:25 -07:00 · 08e578c421
commit 08e578c421
parent 768b78b711
1 changed files with 6 additions and 0 deletions
--- a/src/libsodium/sodium/utils.c
+++ b/src/libsodium/sodium/utils.c
@ -169,6 +169,9 @@ sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
 int
 sodium_mlock(void * const addr, const size_t len)
 {
+#ifdef MADV_DONTDUMP
+    (void) madvise(addr, len, MADV_DONTDUMP);
+#endif
 #ifdef HAVE_MLOCK
    return mlock(addr, len);
 #elif defined(HAVE_VIRTUALLOCK)
@ -183,6 +186,9 @@ int
 sodium_munlock(void * const addr, const size_t len)
 {
    sodium_memzero(addr, len);
+#ifdef MADV_DODUMP
+    (void) madvise(addr, len, MADV_DODUMP);
+#endif
 #ifdef HAVE_MLOCK
    return munlock(addr, len);
 #elif defined(HAVE_VIRTUALLOCK)