explicit_bzero was added in glibc 2.25. Make use of it.
explicit_bzero is hardcoded to zero the memory, so string_erase() now
truncates the string instead of overwriting it with 'x'. This causes
a visible difference only in the journalctl case.
kcmp,
keyctl,
LO_FLAGS_PARTSCAN,
- copy_file_range],
+ copy_file_range,
+ explicit_bzero],
[], [], [[
#include <sys/types.h>
#include <unistd.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <sched.h>
+#include <string.h>
#include <linux/loop.h>
#include <linux/random.h>
]])
return 1;
}
+#if !HAVE_DECL_EXPLICIT_BZERO
/*
* Pointer to memset is volatile so that compiler must de-reference
* the pointer and can't assume that it points to any function in
static volatile memset_t memset_func = memset;
-void* memory_erase(void *p, size_t l) {
- return memset_func(p, 'x', l);
+void explicit_bzero(void *p, size_t l) {
+ memset_func(p, '\0', l);
}
+#endif
char* string_erase(char *x) {
-
if (!x)
return NULL;
/* A delicious drop of snake-oil! To be called on memory where
* we stored passphrases or so, after we used them. */
-
- return memory_erase(x, strlen(x));
+ explicit_bzero(x, strlen(x));
+ return x;
}
char *string_free_erase(char *s) {
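Review bot: The comment inside string_erase() still only says the function is meant for memory that held passphrases, but the added lines give it a different contract. It now returns x as an empty string, and it clears only the strlen(x) bytes before the first NUL, so anything stored in the buffer after the terminator is left as it was. I would extend the comment along the lines of `/* Zeroes the strlen(x) bytes of x and returns x as an empty string; bytes after the first NUL are not touched. */` so callers that use the return value or hold a larger buffer know what they get. string_free_erase() only begins on the last line shown and its body is outside this view.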
return memmem(haystack, haystacklen, needle, needlelen);
}
-void* memory_erase(void *p, size_t l);
+#if !HAVE_DECL_EXPLICIT_BZERO
+void explicit_bzero(void *p, size_t l);
+#endif
+
char *string_erase(char *x);
char *string_free_erase(char *s);
r = send_on_socket(fd, argv[2], packet, length);
finish:
- memory_erase(packet, sizeof(packet));
+ explicit_bzero(packet, sizeof(packet));
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
if (n < m)
break;
- memory_erase(p, n);
+ explicit_bzero(p, n);
free(p);
m *= 2;
}
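Review bot: `explicit_bzero(p, n)` is reached only when `n < m` is false, so n is at least m and may be larger. If p is the m-byte buffer the read was given (the allocation is outside the hunk, so this is inferred from `free(p)` and `m *= 2`), the wipe writes n - m zero bytes past the end of the heap block just before it is freed. The length should be the buffer size, `explicit_bzero(p, m);`. The rename carries the old length argument over unchanged, so the removed `memory_erase(p, n)` line had the same problem.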
if (!l)
return -ENOMEM;
- memory_erase(p, n);
+ explicit_bzero(p, n);
*ret = l;
return 0;
return r;
serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
- memory_erase(p, n);
+ explicit_bzero(p, n);
if (serial == -1)
return -errno;
}
x = strndup(passphrase, p);
- memory_erase(passphrase, p);
+ explicit_bzero(passphrase, p);
if (!x) {
r = -ENOMEM;
goto finish;
l = strv_new("", NULL);
else
l = strv_parse_nulstr(passphrase+1, n-1);
- memory_erase(passphrase, n);
+ explicit_bzero(passphrase, n);
if (!l) {
r = -ENOMEM;
goto finish;
assert_se(streq(string_erase(x), ""));
x = strdupa("1");
- assert_se(streq(string_erase(x), "x"));
-
- x = strdupa("12");
- assert_se(streq(string_erase(x), "xx"));
-
- x = strdupa("123");
- assert_se(streq(string_erase(x), "xxx"));
-
- x = strdupa("1234");
- assert_se(streq(string_erase(x), "xxxx"));
-
- x = strdupa("12345");
- assert_se(streq(string_erase(x), "xxxxx"));
-
- x = strdupa("123456");
- assert_se(streq(string_erase(x), "xxxxxx"));
-
- x = strdupa("1234567");
- assert_se(streq(string_erase(x), "xxxxxxx"));
-
- x = strdupa("12345678");
- assert_se(streq(string_erase(x), "xxxxxxxx"));
+ assert_se(streq(string_erase(x), ""));
x = strdupa("123456789");
- assert_se(streq(string_erase(x), "xxxxxxxxx"));
+ assert_se(streq(string_erase(x), ""));
+
+ assert_se(x[1] == '\0');
+ assert_se(x[2] == '\0');
+ assert_se(x[3] == '\0');
+ assert_se(x[4] == '\0');
+ assert_se(x[5] == '\0');
+ assert_se(x[6] == '\0');
+ assert_se(x[7] == '\0');
+ assert_se(x[8] == '\0');
+ assert_se(x[9] == '\0');
}
static void test_ascii_strcasecmp_n(void) {
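Review bot: The run of nine `assert_se(x[N] == '\0')` lines would be clearer as a loop, and its index range does not quite match what the wipe covers. x[0] is checked only indirectly through `streq`, while x[9] is the original terminator of "123456789" and was already zero before the call. `for (size_t i = 0; i < 9; i++) assert_se(x[i] == '\0');` checks exactly the nine bytes string_erase() is expected to clear. The start of the enclosing test function is outside the visible lines.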
r = 0;
finish:
- memory_erase(buffer, sizeof(buffer));
+ explicit_bzero(buffer, sizeof(buffer));
return r;
}
r = log_debug_errno(errno, "sendto(): %m");
finish:
- memory_erase(packet, packet_length);
+ explicit_bzero(packet, packet_length);
return r;
}