diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-01-25 13:25:30 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-01-25 14:04:26 +0100 |
| commit | 2a162dcaf165e59b72a24825bdc2e1c627979d23 (patch) | |
| tree | c37e20eb031a33940baa89b2b823169b6553a511 /ffi | |
| parent | 118a86b0302b4bb35b1f1bbef50b2a042f239384 (diff) | |
ffi-macros: Protect against use-after-free.
- When we transfer ownership from C to Rust, we move the wrapped
object out of the wrapper, and poison the wrapper.
- This prevents reuse of the wrapper object. When a stale reference
is given to us, we check the tag encoding the type information.
- If the tag field is poisoned, we can produce a more helpful error
message. This is not exact, of course. As soon as the memory is
reused, our tag is overwritten.
Diffstat (limited to 'ffi')
| -rw-r--r-- | ffi/Cargo.toml | 1 | ||||
| -rw-r--r-- | ffi/src/lib.rs | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index 80059a09..2f62738d 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -29,6 +29,7 @@ sequoia-net = { path = "../net" } failure = "0.1.2" lazy_static = "1.0.0" libc = "0.2.33" +memsec = "0.5.4" native-tls = "0.2.0" time = "0.1.40" diff --git a/ffi/src/lib.rs b/ffi/src/lib.rs index 9b095cd3..8c88b836 100644 --- a/ffi/src/lib.rs +++ b/ffi/src/lib.rs @@ -112,6 +112,7 @@ extern crate failure; extern crate lazy_static; extern crate libc; extern crate native_tls; +extern crate memsec; extern crate sequoia_ffi_macros; use sequoia_ffi_macros::{ |