It was blessed by POSIX.1-2001, and GCC says that it won't go away,
possibly ever.
memset(3) is dangerous, as the 2nd and 3rd arguments can be accidentally
swapped --who remembers what's the order of the 2nd and 3rd parameters
to memset(3) without checking the manual page or some code that uses
it?--. Some recent compilers may be able to catch that via some
warnings, but those are not infallible. And even if compiler warnings
could always catch that, the time lost in fixing or checking the docs is
lost for no clear gain. Having a sane API that is unambiguous is the
Right Thing (tm); and that API is bzero(3).
If someone doesn't believe memset(3) is error-prone, please read the
book "Unix Network Programming", Volume 1, 3rd Edition by Stevens, et
al., Section 1.2. See a stackoverflow reference in the link below[1].
bzero(3) had a bad fame in the bad old days, because some ancient
systems (I'm talking of many decades ago) shipped a broken version of
bzero(3). We can assume that all systems in which current shadow utils
can be built, have a working version of bzero(3) --if not, please fix
your broken system; don't blame the programmer--.
One reason that some use today to avoid bzero(3) in favor of memset(3)
is that memset(3) is more often used; but that's a circular reasoning.
Even if bzero(3) wasn't supported by the system, it would need to be
invented. It's the right API.
Another reason that some argue is that POSIX.1-2008 removed the
specification of bzero(3). That's not a problem, because GCC will
probably support it forever, and even if it didn't, we can redefine it
like we do with memzero(). bzero(3) is just a one-liner wrapper around
memset(3).
Link: [1] <https://stackoverflow.com/a/
17097978>
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
#include <limits.h>
#include <stdlib.h>
#include <stdio.h>
+#include <strings.h>
#include "alloc.h"
#include "prototypes.h"
}
/* Lockdown new{g,u}idmap by dropping all unneeded capabilities. */
- memset(data, 0, sizeof(data));
+ bzero(data, sizeof(data));
data[0].effective = CAP_TO_MASK(cap);
/*
* When uid 0 from the ancestor userns is supposed to be mapped into
#elif defined(HAVE_EXPLICIT_BZERO)
explicit_bzero(ptr, size);
#else
- memset(ptr, '\0', size);
+ bzero(ptr, size);
__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
#endif
}
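Review bot: In this fallback branch nothing documents that the empty `__asm__` with the "memory" clobber is what keeps the zeroing from being discarded as a dead store. bzero() gives no stronger guarantee here than the memset() it replaces, so the barrier line is the one that matters for secret erasure. I would add a comment above it, for example `/* Compiler barrier: the stores above must be kept even if ptr is never read again. */`. The function and the first `#if` branch start outside the hunk, so the primitives tried before explicit_bzero() are not visible.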
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
+#include <strings.h>
+
#include <security/pam_appl.h>
#include "alloc.h"
failed_conversation:
for (count=0; count < num_msg; count++) {
if (NULL != responses[count].resp) {
- memset (responses[count].resp, 0,
- strlen (responses[count].resp));
+ bzero(responses[count].resp,
+ strlen(responses[count].resp));
free (responses[count].resp);
responses[count].resp = NULL;
}
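Review bot: The wipe of `responses[count].resp` immediately before `free()` is a dead store to the optimizer, and plain `bzero()` (like the `memset()` it replaces) may be removed, leaving the PAM response, presumably a password, in freed heap memory. The commit message mentions the project's `memzero()`, which appears to be the helper patched elsewhere in this commit with explicit_bzero() or a compiler barrier. This site looks like it should use that helper: `memzero(responses[count].resp, strlen(responses[count].resp));`. Whether the header declaring `memzero()` is already included in this file is not visible here, and the enclosing function starts and ends outside the hunk.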
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
+
#include "prototypes.h"
#include "defines.h"
#include "getdef.h"
{
static char salt[MAX_SALT_SIZE + 6];
- memset (salt, '\0', MAX_SALT_SIZE + 6);
+ bzero(salt, MAX_SALT_SIZE + 6);
assert (salt_size >= MIN_SALT_SIZE &&
salt_size <= MAX_SALT_SIZE);
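Review bot: The length passed to `bzero()` repeats the array bound `MAX_SALT_SIZE + 6` from the declaration one line above, so the two can drift apart if the buffer is ever resized. Since `salt` is a true array in this scope, `bzero(salt, sizeof(salt));` expresses the same thing without the duplication. The function continues past the end of the hunk.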
const char *method;
unsigned long rounds = 0;
- memset (result, '\0', GENSALT_SETTING_SIZE);
+ bzero(result, GENSALT_SETTING_SIZE);
if (NULL != meth)
method = meth;
method);
salt_len = MAX_SALT_SIZE;
rounds = 0;
- memset (result, '\0', GENSALT_SETTING_SIZE);
+ bzero(result, GENSALT_SETTING_SIZE);
}
#if USE_XCRYPT_GENSALT
/* Avoid -Wunused-but-set-variable. */
salt_len = GENSALT_SETTING_SIZE - 1;
rounds = 0;
- memset (result, '.', salt_len);
+ memset(result, '.', salt_len);
result[salt_len] = '\0';
}
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
+#include <strings.h>
#include <sys/types.h>
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
* shadowed password, we force the creation of a
* gshadow entry when a new password is requested.
*/
- memset (&sgrp, 0, sizeof sgrp);
+ bzero(&sgrp, sizeof sgrp);
sgrp.sg_name = xstrdup (grp.gr_name);
sgrp.sg_passwd = xstrdup (grp.gr_passwd);
sgrp.sg_adm = ∅
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
#include <time.h>
#include <unistd.h>
#include <getopt.h>
+
#include "nscd.h"
#include "sssd.h"
#include "prototypes.h"
static char *empty = 0;
/* add new shadow group entry */
- memset (&sgent, 0, sizeof sgent);
+ bzero(&sgent, sizeof sgent);
sgent.sg_name = gr->gr_name;
sgent.sg_passwd = gr->gr_passwd;
sgent.sg_adm = ∅
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
#include <time.h>
#include <unistd.h>
#include <getopt.h>
+
#include "defines.h"
#include "getdef.h"
#include "prototypes.h"
spent = *sp;
} else {
/* add new shadow entry */
- memset (&spent, 0, sizeof spent);
+ bzero(&spent, sizeof spent);
spent.sp_namp = pw->pw_name;
spent.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
spent.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
#endif /* USE_PAM */
#endif /* ACCT_TOOLS_SETUID */
#include <stdio.h>
+#include <strings.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
* a shadowed password
* + aging information is requested
*/
- memset (&spent, 0, sizeof spent);
+ bzero(&spent, sizeof spent);
spent.sp_namp = user_name;
/* The user explicitly asked for a shadow feature.