MINOR: tools: add a secure implementation of memset

This guarantees that the compiler will not optimize away the memset()
call if it detects a dead store.

Use this to clear SSL passphrases.

No backport needed.

diff --git a/include/haproxy/tools.h b/include/haproxy/tools.h
index 89b297a56c2656210bc5b387325c266fcd17661d..f181a7601413b9f7486ac798f63c70cb037b0c03 100644 (file)
--- a/include/haproxy/tools.h
+++ b/include/haproxy/tools.h
@@ -1490,4 +1490,6 @@ int path_base(const char *path, const char *base, char *dst, char **err);
 
 void ha_freearray(char ***array);
 
+void ha_memset_s(void *s, int c, size_t n);
+
 #endif /* _HAPROXY_TOOLS_H */

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aad4e56deb9490b14a26df0b2e53c4ce2eb43ca5..0f18132b197e7e01643d4f1fb7ff040c0406de29 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3756,7 +3756,7 @@ static int ssl_sock_clear_passphrase_cache(void)
 
                        /* Erase stored passphrases just in case some memory
                         * ends up leaking */
-                       memset(passphrase_cache[idx].ptr, 0, passphrase_cache[idx].len);
+                       ha_memset_s(passphrase_cache[idx].ptr, 0, passphrase_cache[idx].len);
                        istfree(&passphrase_cache[idx]);
                }
                ha_free(&passphrase_cache);

diff --git a/src/tools.c b/src/tools.c
index e64c55ada166754877a779f17d044cb20fcb6f0b..f33800580df1e1e73cb5c7fbe453e0dd0aa88cbc 100644 (file)
--- a/src/tools.c
+++ b/src/tools.c
@@ -7438,6 +7438,15 @@ void ha_freearray(char ***array)
        *array = NULL;
 }
 
+/*
+ * Secure implementation of memset that cannot be optimized away.
+ */
+void ha_memset_s(void *s, int c, size_t n)
+{
+       memset(s, c, n);
+       __asm__ __volatile__("" : : "r"(s) : "memory");
+}
+
 /*
  * Local variables:
  *  c-indent-level: 8