newgrp: use libc explicit_bzero() when it is available

This currently new function will be part of glibc 2.25.

Reference: https://sourceware.org/git/?p=glibc.git;a=commit;h=ea1bd74defcf9d5291d14972e63105168ca9eb4f
Signed-off-by: Sami Kerola <kerolasa@iki.fi>

diff --git a/configure.ac b/configure.ac
index 796364f710a09b5d60baa964bf584e8602beb087..c50f07a47b645ebbf68dd6616b8d810544c42a8c 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -379,6 +379,7 @@ AC_CHECK_FUNCS([ \
        __secure_getenv \
        err \
        errx \
+       explicit_bzero \
        fsync \
        utimensat \
        getdomainname \

diff --git a/login-utils/newgrp.c b/login-utils/newgrp.c
index 367333ec3bbc318ce614b694265eb96c7e8f06e4..63a45cd6a010ac07923f5b6a091fc361a92b37ab 100644 (file)
--- a/login-utils/newgrp.c
+++ b/login-utils/newgrp.c
@@ -60,6 +60,7 @@ static char *xgetpass(FILE *input, const char *prompt)
        return pass;
 }
 
+#ifndef HAVE_EXPLICIT_BZERO
 /* Ensure memory is set to value c without compiler optimization getting
  * into way that could happen with memset(3). */
 static int xmemset_s(void *v, size_t sz, const int c)
@@ -72,6 +73,7 @@ static int xmemset_s(void *v, size_t sz, const int c)
                *p++ = c;
        return 0;
 }
+#endif
 
 /* try to read password from gshadow */
 static char *get_gshadow_pwd(const char *groupname)
@@ -148,7 +150,11 @@ static int allow_setgid(const struct passwd *pe, const struct group *ge)
        if (pwd && *pwd && (xpwd = xgetpass(stdin, _("Password: ")))) {
                char *cbuf = crypt(xpwd, pwd);
 
+#ifdef HAVE_EXPLICIT_BZERO
+               explicit_bzero(xpwd, strlen(xpwd));
+#else
                xmemset_s(xpwd, strlen(xpwd), 0);
+#endif
                free(xpwd);
                if (!cbuf)
                        warn(_("crypt failed"));