From 30e7d8225109636bed8163a8797602f6dcaec7b3 Mon Sep 17 00:00:00 2001
From: Prabhpreet Dua <615318+prabhpreet@users.noreply.github.com>
Date: Tue, 4 Jun 2024 12:43:09 +0530
Subject: [PATCH] Review: Add memzero on free, assert unprotected_size + fd <= PAGE_SIZE

---
 memsec-test/tests/allocext_linux.rs | 2 --
 src/alloc/allocext/linux.rs | 7 +++++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/memsec-test/tests/allocext_linux.rs b/memsec-test/tests/allocext_linux.rs
index 139b2a0..9d7a737 100644
--- a/memsec-test/tests/allocext_linux.rs
+++ b/memsec-test/tests/allocext_linux.rs
@@ -107,8 +107,6 @@ enum TestState {
     Free,
 }
-/// Attempts to
-#[cfg(unix)]
 fn attempt_write_in_region(
     offset: Offset,
     end_process_normally: bool,
diff --git a/src/alloc/allocext/linux.rs b/src/alloc/allocext/linux.rs
index 46315fe..5012e63 100644
--- a/src/alloc/allocext/linux.rs
+++ b/src/alloc/allocext/linux.rs
@@ -9,8 +9,6 @@ use self::memfd_secret_alloc::*;
 mod memfd_secret_alloc {
     use core::convert::TryInto;
-    use std::{io, println};
-
     use super::*;
     #[inline]
@@ -42,6 +40,9 @@ mod memfd_secret_alloc {
     unsafe fn _memfd_secret(size: usize) -> Option<*mut u8> {
         ALLOC_INIT.call_once(|| alloc_init());
+        //Assert size of unprotected_size (usize) and fd (i32) is less than PAGE_SIZE before allocating memory
+        assert!(size_of::() + size_of::() <= PAGE_SIZE);
+
         if size >= ::core::usize::MAX - PAGE_SIZE * 4 {
             return None;
         }
@@ -119,6 +120,8 @@ pub unsafe fn free_memfd_secret(memptr: NonNull) {
     let total_size = PAGE_SIZE + PAGE_SIZE + unprotected_size + PAGE_SIZE;
     _mprotect(base_ptr, total_size, Prot::ReadWrite);
+    crate::memzero(base_ptr, total_size);
+
     let res = libc::munmap(base_ptr as *mut c_void, total_size);
     if res < 0 {
         abort();
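Review bot: The comment added above the new `assert!` in `_memfd_secret` says the combined size must be "less than" PAGE_SIZE while the check itself is `<=`, and it lacks the space after `//`; suggest `// The header must hold unprotected_size (usize) and fd (i32), so their combined size must not exceed PAGE_SIZE.` Placing the assertion after `ALLOC_INIT.call_once(|| alloc_init())` looks right if PAGE_SIZE is filled in by `alloc_init()` at runtime, since that rules out a `const` assertion. The type arguments of the two `size_of` calls are not legible in this rendering, so I assume `usize` and `i32` as the comment states; note that `size_of` is called unqualified and only entered the prelude in Rust 1.80, so on older toolchains it must reach this module via `use super::*;` or an explicit `core::mem::size_of` import. The body of `_memfd_secret` continues past the end of the hunk.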