Tighten behavior of _rs_allocate on Windows.

For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.

This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.

ok deraadt@

1 files changed, 7 insertions, 4 deletions

diff --git a/lib/libcrypto/arc4random/arc4random_win.h b/lib/libcrypto/arc4random/arc4random_win.h
index 48a1bda1282..deec8a1efe8 100644
--- a/lib/libcrypto/arc4random/arc4random_win.h
+++ b/lib/libcrypto/arc4random/arc4random_win.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random_win.h,v 1.5 2015/01/15 06:57:18 deraadt Exp $	*/
+/*	$OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -52,13 +52,16 @@ _getentropy_fail(void)
 static inline int
 _rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
 {
-	*rsp = calloc(1, sizeof(**rsp));
+	*rsp = VirtualAlloc(NULL, sizeof(**rsp),
+	    MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
 	if (*rsp == NULL)
 		return (-1);
 
-	*rsxp = calloc(1, sizeof(**rsxp));
+	*rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
+	    MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
 	if (*rsxp == NULL) {
-		free(*rsp);
+		VirtualFree(*rsp, 0, MEM_RELEASE);
+		*rsp = NULL;
 		return (-1);
 	}
 	return (0);