Also include explcit_bzero(), which is needed when using older glibc

diff --git a/configure.ac b/configure.ac
index 13dc98fa2f38c005a1733b0aa6806dcf72ec6483..ce048aef23926040d02f8444db63fb1812214b40 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -154,7 +154,7 @@ dnl Checks for library functions.
 dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is
 dnl using the defines.
 AC_CHECK_FUNCS_ONCE([strcasestr localtime_r gmtime_r recvmmsg sched_setscheduler])
-AC_CHECK_FUNCS_ONCE([getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+AC_CHECK_FUNCS_ONCE([explicit_bzero memset_s getrandom getentropy arc4random arc4random_uniform arc4random_buf])
 
 AM_CONDITIONAL([HAVE_RECVMMSG], [test "x$ac_cv_func_recvmmsg" = "xyes"])
 

diff --git a/ext/arc4random/Makefile.am b/ext/arc4random/Makefile.am
index e776e0e0addc1302930bd01c695e588034ecccea..73479d160afcad131a6b2d50c9323e16f3e1a092 100644 (file)
--- a/ext/arc4random/Makefile.am
+++ b/ext/arc4random/Makefile.am
@@ -6,5 +6,6 @@ libarc4random_la_SOURCES = \
        arc4random_uniform.c \
        bsd-getentropy.c \
        chacha_private.h \
+       explicit_bzero.c \
        includes.h \
        log.h

diff --git a/ext/arc4random/arc4random.hh b/ext/arc4random/arc4random.hh
index f9f779f12e382632f9ef6adf4f23638a38a0f189..c9bedac4733feae8ef259ad9380d459c12ed4a8d 100644 (file)
--- a/ext/arc4random/arc4random.hh
+++ b/ext/arc4random/arc4random.hh
@@ -14,4 +14,7 @@ extern "C"
 #ifndef HAVE_ARC4RANDOM_UNIFORM
   uint32_t arc4random_uniform(uint32_t upper_bound);
 #endif
+#ifndef HAVE_EXPLICIT_BZERO
+  void explicit_bzero(void *, size_t len);
+#endif
 }

diff --git a/ext/arc4random/explicit_bzero.c b/ext/arc4random/explicit_bzero.c
new file mode 100644 (file)
index 0000000..68cd2c1
--- /dev/null
+++ b/ext/arc4random/explicit_bzero.c
@@ -0,0 +1,65 @@
+/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
+/*     $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+
+#include "includes.h"
+
+#include <string.h>
+
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+
+#ifndef HAVE_EXPLICIT_BZERO
+
+#ifdef HAVE_EXPLICIT_MEMSET
+
+void
+explicit_bzero(void *p, size_t n)
+{
+       (void)explicit_memset(p, 0, n);
+}
+
+#elif defined(HAVE_MEMSET_S)
+
+void
+explicit_bzero(void *p, size_t n)
+{
+       if (n == 0)
+               return;
+       (void)memset_s(p, n, 0, n);
+}
+
+#else /* HAVE_MEMSET_S */
+
+/*
+ * Indirect bzero through a volatile pointer to hopefully avoid
+ * dead-store optimisation eliminating the call.
+ */
+static void (* volatile ssh_bzero)(void *, size_t) = bzero;
+
+void
+explicit_bzero(void *p, size_t n)
+{
+       if (n == 0)
+               return;
+       /*
+        * clang -fsanitize=memory needs to intercept memset-like functions
+        * to correctly detect memory initialisation. Make sure one is called
+        * directly since our indirection trick above successfully confuses it.
+        */
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+       memset(p, 0, n);
+# endif
+#endif
+
+       ssh_bzero(p, n);
+}
+
+#endif /* HAVE_MEMSET_S */
+
+#endif /* HAVE_EXPLICIT_BZERO */

diff --git a/ext/arc4random/includes.h b/ext/arc4random/includes.h
index 0a3882e4836a25668f72c576cf280f3284c7c0ef..5ef06b816bf26900f3985dad4d3bffc55294705f 100644 (file)
--- a/ext/arc4random/includes.h
+++ b/ext/arc4random/includes.h
@@ -20,5 +20,8 @@ void arc4random_buf(void *buf, size_t nbytes);
 #ifndef HAVE_ARC4RANDOM_UNIFORM
 uint32_t arc4random_uniform(uint32_t upper_bound);
 #endif
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *, size_t len);
+#endif
 
 #define DEF_WEAK(x)

diff --git a/pdns/dnsdistdist/configure.ac b/pdns/dnsdistdist/configure.ac
index aa7ffbf7a44e21f3b0dca476a32779b9dd0cda35..6ab2749d3ad4dce7de8ad63119fdf59e718ec9ca 100644 (file)
--- a/pdns/dnsdistdist/configure.ac
+++ b/pdns/dnsdistdist/configure.ac
@@ -49,7 +49,7 @@ PDNS_WITH_SERVICE_USER([dnsdist])
 dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is
 dnl using the defines.
 AC_CHECK_FUNCS_ONCE([localtime_r gmtime_r])
-AC_CHECK_FUNCS_ONCE([getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+AC_CHECK_FUNCS_ONCE([explicit_bzero memset_s getrandom getentropy arc4random arc4random_uniform arc4random_buf])
 AC_SUBST([YAHTTP_CFLAGS], ['-I$(top_srcdir)/ext/yahttp'])
 AC_SUBST([YAHTTP_LIBS], ['$(top_builddir)/ext/yahttp/yahttp/libyahttp.la'])
 AC_SUBST([IPCRYPT_CFLAGS], ['-I$(top_srcdir)/ext/ipcrypt'])

diff --git a/pdns/dnsdistdist/ext/arc4random/explicit_bzero.c b/pdns/dnsdistdist/ext/arc4random/explicit_bzero.c
new file mode 120000 (symlink)
index 0000000..4b950e0
--- /dev/null
+++ b/pdns/dnsdistdist/ext/arc4random/explicit_bzero.c
@@ -0,0 +1 @@
+../../../../ext/arc4random/explicit_bzero.c
\ No newline at end of file

diff --git a/pdns/recursordist/configure.ac b/pdns/recursordist/configure.ac
index e466237cbe7f6836dd095dacdb2f1ec37dacd402..8945ae6618429eba135fe71efcd0c48f23cc95c5 100644 (file)
--- a/pdns/recursordist/configure.ac
+++ b/pdns/recursordist/configure.ac
@@ -113,7 +113,7 @@ PDNS_CHECK_CURL
 dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is
 dnl using the defines.
 AC_CHECK_FUNCS_ONCE([localtime_r gmtime_r strcasestr])
-AC_CHECK_FUNCS_ONCE([getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+AC_CHECK_FUNCS_ONCE([explicit_bzero memset_s getrandom getentropy arc4random arc4random_uniform arc4random_buf])
 
 AC_CHECK_HEADERS([sys/random.h])
 

diff --git a/pdns/recursordist/ext/arc4random/explicit_bzero.c b/pdns/recursordist/ext/arc4random/explicit_bzero.c
new file mode 120000 (symlink)
index 0000000..4b950e0
--- /dev/null
+++ b/pdns/recursordist/ext/arc4random/explicit_bzero.c
@@ -0,0 +1 @@
+../../../../ext/arc4random/explicit_bzero.c
\ No newline at end of file