From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Fri, 7 Jul 2023 12:03:33 +0000 (+0200)
Subject: Use PDNS_CHECK_SECURE_MEMSET, as suggested by @rcagogne
X-Git-Tag: rec-5.0.0-alpha1~122^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F13001%2Fhead;p=thirdparty%2Fpdns.git

Use PDNS_CHECK_SECURE_MEMSET, as suggested by @rcagogne
---

diff --git a/configure.ac b/configure.ac
index ce048aef23..d6ad04a3c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -154,7 +154,8 @@ dnl Checks for library functions.
 dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is
 dnl using the defines.
 AC_CHECK_FUNCS_ONCE([strcasestr localtime_r gmtime_r recvmmsg sched_setscheduler])
-AC_CHECK_FUNCS_ONCE([explicit_bzero memset_s getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+AC_CHECK_FUNCS_ONCE([getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+PDNS_CHECK_SECURE_MEMSET
 
 AM_CONDITIONAL([HAVE_RECVMMSG], [test "x$ac_cv_func_recvmmsg" = "xyes"])
 
diff --git a/ext/arc4random/arc4random.hh b/ext/arc4random/arc4random.hh
index c9bedac473..cff8dd031e 100644
--- a/ext/arc4random/arc4random.hh
+++ b/ext/arc4random/arc4random.hh
@@ -15,6 +15,6 @@ extern "C"
   uint32_t arc4random_uniform(uint32_t upper_bound);
 #endif
 #ifndef HAVE_EXPLICIT_BZERO
-  void explicit_bzero(void *, size_t len);
+  void explicit_bzero(void*, size_t len);
 #endif
 }
diff --git a/m4/pdns_check_secure_memset.m4 b/m4/pdns_check_secure_memset.m4
index 4f582199a9..220eaebe66 100644
--- a/m4/pdns_check_secure_memset.m4
+++ b/m4/pdns_check_secure_memset.m4
@@ -1,3 +1,3 @@
 AC_DEFUN([PDNS_CHECK_SECURE_MEMSET], [
-  AC_CHECK_FUNCS([explicit_bzero explicit_memset])
+  AC_CHECK_FUNCS([explicit_bzero explicit_memset memset_s])
 ])
diff --git a/pdns/dnsdistdist/configure.ac b/pdns/dnsdistdist/configure.ac
index 6ab2749d3a..aa7ffbf7a4 100644
--- a/pdns/dnsdistdist/configure.ac
+++ b/pdns/dnsdistdist/configure.ac
@@ -49,7 +49,7 @@ PDNS_WITH_SERVICE_USER([dnsdist])
 dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is
 dnl using the defines.
 AC_CHECK_FUNCS_ONCE([localtime_r gmtime_r])
-AC_CHECK_FUNCS_ONCE([explicit_bzero memset_s getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+AC_CHECK_FUNCS_ONCE([getrandom getentropy arc4random arc4random_uniform arc4random_buf])
 AC_SUBST([YAHTTP_CFLAGS], ['-I$(top_srcdir)/ext/yahttp'])
 AC_SUBST([YAHTTP_LIBS], ['$(top_builddir)/ext/yahttp/yahttp/libyahttp.la'])
 AC_SUBST([IPCRYPT_CFLAGS], ['-I$(top_srcdir)/ext/ipcrypt'])
diff --git a/pdns/recursordist/configure.ac b/pdns/recursordist/configure.ac
index 8945ae6618..2e8f9351b3 100644
--- a/pdns/recursordist/configure.ac
+++ b/pdns/recursordist/configure.ac
@@ -113,7 +113,8 @@ PDNS_CHECK_CURL
 dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is
 dnl using the defines.
 AC_CHECK_FUNCS_ONCE([localtime_r gmtime_r strcasestr])
-AC_CHECK_FUNCS_ONCE([explicit_bzero memset_s getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+AC_CHECK_FUNCS_ONCE([getrandom getentropy arc4random arc4random_uniform arc4random_buf])
+PDNS_CHECK_SECURE_MEMSET
 
 AC_CHECK_HEADERS([sys/random.h])
 
diff --git a/pdns/recursordist/m4/pdns_check_secure_memset.m4 b/pdns/recursordist/m4/pdns_check_secure_memset.m4
new file mode 120000
index 0000000000..58f6bd3bee
--- /dev/null
+++ b/pdns/recursordist/m4/pdns_check_secure_memset.m4
@@ -0,0 +1 @@
+../../../m4/pdns_check_secure_memset.m4
\ No newline at end of file