Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce SafeDbt to handle Dbt with free or memory_cleanse raii-style #14268

Merged
merged 3 commits into from Jan 16, 2019

Conversation

@Empact
Copy link
Member

@Empact Empact commented Sep 19, 2018

This provides additional exception-safety and case handling for the proper
freeing of the associated buffers.

src/wallet/db.h Outdated Show resolved Hide resolved
src/wallet/db.h Outdated Show resolved Hide resolved
Copy link
Contributor

@l2a5b1 l2a5b1 left a comment

utACK 985892e

src/wallet/db.h Outdated Show resolved Hide resolved
@DrahtBot
Copy link
Contributor

@DrahtBot DrahtBot commented Sep 28, 2018

Coverage Change (pull 14268) Reference (master)
Lines +0.0099 % 87.0361 %
Functions +0.0179 % 84.1130 %
Branches -0.0022 % 51.5451 %

Copy link
Member

@promag promag left a comment

utACK 985892e.

nit, first commit kind of unrelated — could mention the dead code cleanup in the PR description.

src/wallet/db.h Outdated Show resolved Hide resolved
@achow101
Copy link
Member

@achow101 achow101 commented Oct 9, 2018

utACK 985892e5aa75b76f71a354c8d835d7729048cccc

@meshcollider
Copy link
Member

@meshcollider meshcollider commented Nov 10, 2018

utACK 985892e

Style-nit: the developer notes say "No indentation for public/protected/private or for namespace", so you might want to change the MallocedDbt class to fit that.

First commit is unrelated as promag said, but a nice cleanup, the last use of setRange was in ListAccountCreditDebit which was removed when accounts were.

@Empact Empact changed the title Introduce MallocedDbt to handle DB_DBT_MALLOC raii-style Introduce SafeDbt to handle Dbt with free or memory_cleanse raii-style Nov 12, 2018
@Empact Empact changed the title Introduce SafeDbt to handle Dbt with free or memory_cleanse raii-style Introduce SafeDbt to handle Dbt with free or memory_cleanse raii-style Nov 12, 2018
@Empact
Copy link
Member Author

@Empact Empact commented Nov 12, 2018

Ok just pushed some significant changes:

  • Now called SafeDbt, and applied in all cases where memory_cleanse was used with Dbt
  • No longer in an anonymous namespace as that is a violation of DCL59-CPP, instead nest it inside BerkeleyBatch, as all uses are therein.
  • Implementation is now in db.cpp

This provides additional exception-safety and case handling for the proper
freeing of the associated buffers.
@Empact
Copy link
Member Author

@Empact Empact commented Nov 13, 2018

Appveyor failure looks unrelated.

@ken2812221
Copy link
Contributor

@ken2812221 ken2812221 commented Nov 13, 2018

utACK 1a9f9f7

return m_dbt.get_size();
}

BerkeleyBatch::SafeDbt::operator Dbt*()
Copy link
Contributor

@practicalswift practicalswift Nov 20, 2018

const? :-)

Copy link
Member

@laanwj laanwj Nov 23, 2018

it's returning a mutable pointer to the internal structure, I don't think it'd make sense to make the method const (unless you mean it should return a const* pointer too, but that's likely not good enough for the BDB functions)

@laanwj
Copy link
Member

@laanwj laanwj commented Nov 23, 2018

utACK 1a9f9f7

{
if (m_dbt.get_data() != nullptr) {
// Clear memory, e.g. in case it was a private key
memory_cleanse(m_dbt.get_data(), m_dbt.get_size());
Copy link
Member

@laanwj laanwj Nov 23, 2018

This changes behavior: in the case of Write it was also cleansing the dtabase key, now it no longer is.
Not sure if this is necessary, I don't think the database keys ever contain sensitive information, but it should be noted.

Copy link
Member Author

@Empact Empact Nov 25, 2018

@Empact
Copy link
Member Author

@Empact Empact commented Nov 25, 2018

Added another commit:

  • Make SafeDbt DB_DBT_MALLOC on default initialization
  • Ran clang-format

Separate for easier review, can squash.

If we're constructing the SafeDbt without provided data, it is always malloced,
so that is the case we expose.

Also run clang-format.
@Empact
Copy link
Member Author

@Empact Empact commented Nov 25, 2018

Appveyor failure looks unrelated: "ConnectionAbortedError: [WinError 10053] An established connection was aborted by the software in your host machine"

@laanwj laanwj merged commit 4a86a0a into bitcoin:master Jan 16, 2019
2 checks passed
laanwj added a commit that referenced this issue Jan 16, 2019
…anse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
deadalnix pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this issue Sep 2, 2020
Summary:
bitcoin/bitcoin@951a44e

---

Partial backport of Core [[bitcoin/bitcoin#14268 | PR14268]]

Test Plan:
  ninja check check-functional

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D7321
deadalnix pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this issue Sep 2, 2020
Summary:
This provides additional exception-safety and case handling for the proper
freeing of the associated buffers.

bitcoin/bitcoin@1a9f9f7

---

Depends on D7321

Partial backport of Core [[bitcoin/bitcoin#14268 | PR14268]]

Test Plan:
  ninja check check-functional

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D7322
deadalnix pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this issue Sep 2, 2020
Summary:
If we're constructing the SafeDbt without provided data, it is always malloced,
so that is the case we expose.

Also run clang-format.

bitcoin/bitcoin@4a86a0a

---

Depends on D7322

Concludes backport of Core [[bitcoin/bitcoin#14268 | PR14268]]

Test Plan:
  ninja check check-functional

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D7323
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 26, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 27, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 28, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
PastaPastaPasta added a commit to PastaPastaPasta/dash that referenced this issue Jun 29, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
Munkybooty added a commit to Munkybooty/dash that referenced this issue Aug 21, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
dzutte-cpp pushed a commit to dzutte-cpp/dash that referenced this issue Sep 24, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
dzutte-cpp added a commit to dzutte-cpp/dash that referenced this issue Sep 24, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
dzutte-cpp added a commit to dzutte-cpp/dash that referenced this issue Sep 24, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
dzutte-cpp added a commit to dzutte-cpp/dash that referenced this issue Sep 27, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
dzutte-cpp added a commit to dzutte-cpp/dash that referenced this issue Sep 30, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
dzutte-cpp added a commit to dzutte-cpp/dash that referenced this issue Oct 1, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
kittywhiskers added a commit to kittywhiskers/dash that referenced this issue Oct 12, 2021
…ory_cleanse raii-style

4a86a0a Make SafeDbt DB_DBT_MALLOC on default initialization (Ben Woosley)
1a9f9f7 Introduce SafeDbt to handle DB_DBT_MALLOC raii-style (Ben Woosley)
951a44e Drop unused setRange arg to BerkeleyBatch::ReadAtCursor (Ben Woosley)

Pull request description:

  This provides additional exception-safety and case handling for the proper
  freeing of the associated buffers.

Tree-SHA512: a038d728290cdb3905e7d881608052a6675b6425729ceaf7cfe69a6e91c2ee293cdb01e4b695a20963459ffdd9d4a1f9a08b3c07b1b5ba1aa8590a8149f686db
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

10 participants