From 1657b4ef269e35b6b7065ee6af9159f8fa05cfa1 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 3 May 2013 11:41:51 +0200
Subject: [PATCH] Dump stack if memwipe() check fails

---
 src/libstrongswan/library.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 4dec612..170bc9f 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -151,12 +151,22 @@ static bool equals(char *a, char *b)
 }
 
 /**
+ * Number of words we write and memwipe() in memwipe check
+ */
+#define MEMWIPE_WIPE_WORDS 16
+
+/**
+ * Number of words we check stack for memwiped magic
+ */
+#define MEMWIPE_CHECK_WORDS (MEMWIPE_WIPE_WORDS * 2)
+
+/**
  * Write magic to memory, and try to clear it with memwipe()
  */
 __attribute__((noinline))
 static void do_magic(int magic, int **stack)
 {
-	int buf[32], i;
+	int buf[MEMWIPE_WIPE_WORDS], i;
 
 	/* tell caller where callee stack is (but don't point to buf) */
 	*stack = &i;
@@ -184,11 +194,18 @@ static bool check_memwipe()
 	{	/* stack grows down */
 		stackdir = -1;
 	}
-	for (i = 0; i < 128; i++)
+	for (i = 0; i < MEMWIPE_CHECK_WORDS; i++)
 	{
 		ptr = ptr + stackdir;
 		if (*ptr == magic)
 		{
+			ptr = &magic + stackdir;
+			if (stackdir == -1)
+			{
+				ptr -= MEMWIPE_CHECK_WORDS;
+			}
+			DBG1(DBG_LIB, "memwipe() check failed: stackdir: %d %b",
+				 stackdir, ptr, (u_int)(MEMWIPE_CHECK_WORDS * sizeof(int)));
 			return FALSE;
 		}
 	}
@@ -268,7 +285,6 @@ bool library_init(char *settings)
 
 	if (!check_memwipe())
 	{
-		DBG1(DBG_LIB, "memwipe() check failed");
 		return FALSE;
 	}
 
-- 
2.7.4