This commit is contained in:
fanquake 2024-04-29 04:33:21 +02:00 committed by GitHub
commit 407191441a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 5 deletions


@ -151,6 +151,24 @@ def check_PE_Canary(binary) -> bool:
'''
return binary.has_symbol('__stack_chk_fail')
def check_PE_SecureZeroMemory(binary) -> bool:
'''
Check for use of SecureZeroMemory()
'''
cleanse = binary.get_symbol('_Z14memory_cleansePvy').value
section_addr = binary.section_from_rva(cleanse).virtual_address
virtual_address = binary.optional_header.imagebase + section_addr + cleanse
content = binary.get_content_from_virtual_address(virtual_address, 40, lief.Binary.VA_TYPES.VA)
# We are looking for rep stosb, which is f3 aa (243 170).
# We search for 170, and check for a preceding 243,
# so we don't match the endbr64 instruction at the
# beginning of the function.
aa = content.index(170)
return content[aa-1] == 243
def check_MACHO_NOUNDEFS(binary) -> bool:
'''
Check for no undefined references.
@ -218,6 +236,7 @@ BASE_PE = [
('RELOC_SECTION', check_PE_RELOC_SECTION),
('CONTROL_FLOW', check_PE_control_flow),
('Canary', check_PE_Canary),
('SecureZeroMemory', check_PE_SecureZeroMemory),
]
BASE_MACHO = [
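Review bot: `content.index(170)` in check_PE_SecureZeroMemory raises ValueError when no 0xaa byte lies in the 40-byte window, so a binary without the pattern aborts the whole check-security run instead of failing this one check, and when the first 0xaa belongs to some other instruction's encoding, `content[aa-1]` tests the wrong byte (wrapping to `content[-1]` if aa is 0). Searching for the two-byte sequence directly avoids both: `return b'\xf3\xaa' in bytes(content)`. The preceding `binary.get_symbol('_Z14memory_cleansePvy').value` presumably also fails hard if the symbol is absent, whereas check_PE_Canary above uses `has_symbol`; a guard such as `if not binary.has_symbol('_Z14memory_cleansePvy'): return False` before it would keep the failure mode consistent with the other checks. The docstring could also say what is actually asserted — that the first 40 bytes of memory_cleanse contain a `rep stosb` — since the function name alone suggests a plain symbol lookup.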


@ -275,7 +275,7 @@ mkdir -p "$DISTSRC"
make --jobs="$JOBS" ${V:+V=1}
# Check that symbol/security checks tools are sane.
make test-security-check ${V:+V=1}
# make test-security-check ${V:+V=1}
# Perform basic security checks on a series of executables.
make -C src --jobs=1 check-security ${V:+V=1}
# Check that executables only contain allowed version symbols.
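Review bot: If the commented-out `# make test-security-check ${V:+V=1}` is the new side, the line above it, `# Check that symbol/security checks tools are sane.`, now describes a step that no longer runs, and nothing records why the self-test was disabled, so a regression in the check tooling (for instance an API change that makes every check trivially pass) would go unnoticed in release builds. Either drop both lines or replace the stale comment with the reason and a re-enable condition, e.g. `# TODO(<owner>): test-security-check disabled because <reason>; re-enable once <condition>` (placeholders to be filled in). The surrounding script continues outside the hunk.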


@ -7,14 +7,14 @@
#include <cstring>
#if defined(_MSC_VER)
#include <Windows.h> // For SecureZeroMemory.
#if defined(WIN32)
#include <windows.h>
#endif
void memory_cleanse(void *ptr, size_t len)
{
#if defined(_MSC_VER)
/* SecureZeroMemory is guaranteed not to be optimized out by MSVC. */
#if defined(WIN32)
/* SecureZeroMemory is guaranteed not to be optimized out. */
SecureZeroMemory(ptr, len);
#else
std::memset(ptr, 0, len);
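Review bot: If `#if defined(WIN32)` is the new side, the comment `/* SecureZeroMemory is guaranteed not to be optimized out. */` drops the qualifier that this guarantee is MSVC's; for other Windows toolchains now covered by the condition the behaviour depends on that toolchain's SecureZeroMemory definition, which is presumably why this commit adds the `rep stosb` check to security-check.py. Suggest wording it as `/* SecureZeroMemory is documented not to be optimized out (MSVC); for other Windows toolchains the rep stosb check in security-check.py confirms the zeroing survives. */`. The `// For SecureZeroMemory.` note on the `<windows.h>` include is also lost on the new side and is worth keeping. memory_cleanse continues past the end of the hunk.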