From: Andreas Schneider
Date: Thu, 16 Oct 2025 09:19:51 +0000 (+0200)
Subject: Replace memset_s() with memset_explicit()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e81b73a050e511c658afc786478431ceef175ee;p=thirdparty%2Fsamba.git

Replace memset_s() with memset_explicit()

Signed-off-by: Andreas Schneider
Reviewed-by: Douglas Bagnall
---

diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 21e6d2d960d..f6716d8b0eb 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -811,50 +811,50 @@ typedef unsigned long long ptrdiff_t ;
 /**
 * Zero a structure.
 */
-#define ZERO_STRUCT(x) memset_s((char *)&(x), sizeof(x), 0, sizeof(x))
+#define ZERO_STRUCT(x) memset_explicit((char *)&(x), 0, sizeof(x))

 /**
 * Zero a structure given a pointer to the structure.
 */
 #define ZERO_STRUCTP(x) do { \
 if ((x) != NULL) { \
- memset_s((char *)(x), sizeof(*(x)), 0, sizeof(*(x))); \
+ memset_explicit((char *)(x), 0, sizeof(*(x))); \
 } \
 } while(0)

 /**
 * Zero a structure given a pointer to the structure - no zero check
 */
-#define ZERO_STRUCTPN(x) memset_s((char *)(x), sizeof(*(x)), 0, sizeof(*(x)))
+#define ZERO_STRUCTPN(x) memset_explicit((char *)(x), 0, sizeof(*(x)))

 /**
 * Zero an array - note that sizeof(array) must work - ie. it must not be a
 * pointer
 */
-#define ZERO_ARRAY(x) memset_s((char *)(x), sizeof(x), 0, sizeof(x))
+#define ZERO_ARRAY(x) memset_explicit((char *)(x), 0, sizeof(x))

 /**
 * Zero a given len of an array
 */
-#define ZERO_ARRAY_LEN(x, l) memset_s((char *)(x), (l), 0, (l))
+#define ZERO_ARRAY_LEN(x, l) memset_explicit((char *)(x), 0, (l))

 /**
 * Explicitly zero data from memory. This is guaranteed to be not optimized
 * away.
 */
-#define BURN_DATA(x) memset_s((char *)&(x), sizeof(x), 0, sizeof(x))
+#define BURN_DATA(x) memset_explicit((char *)&(x), 0, sizeof(x))

 /**
 * Explicitly zero data from memory. This is guaranteed to be not optimized
 * away.
 */
-#define BURN_DATA_SIZE(x, s) memset_s((char *)&(x), (s), 0, (s))
+#define BURN_DATA_SIZE(x, s) memset_explicit((char *)&(x), 0, (s))

 /**
 * Explicitly zero data from memory. This is guaranteed to be not optimized
 * away.
 */
-#define BURN_PTR_SIZE(x, s) memset_s((x), (s), 0, (s))
+#define BURN_PTR_SIZE(x, s) memset_explicit((x), 0, (s))

 /**
 * Explicitly zero data in string. This is guaranteed to be not optimized
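Review bot: The unguarded macros in this hunk, `ZERO_STRUCTPN`, `ZERO_ARRAY_LEN`, `BURN_DATA_SIZE` and `BURN_PTR_SIZE`, now pass their pointer and length straight to `memset_explicit()`, which, unlike Annex K `memset_s()`, has no runtime-constraint path for a null destination or a length above `RSIZE_MAX`. If the previous implementation honoured those constraints, a NULL pointer or a wrapped `size_t` length that used to come back as an error now becomes an invalid write. I would state the contract in the doc comments, for example `* x must be non-NULL and s must not exceed the size of the object being cleared.`, or give `BURN_PTR_SIZE` the same `if ((x) != NULL)` guard that `ZERO_STRUCTP` already has. The guarded copies of these macros in lib/util/memory.h carry the same contract.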
@@ -863,7 +863,7 @@ typedef unsigned long long ptrdiff_t ;
 #define BURN_STR(x) do { \
 if ((x) != NULL) { \
 size_t s = strlen(x); \
- memset_s((x), s, 0, s); \
+ memset_explicit((x), 0, s); \
 } \
 } while(0)

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index ac3d26fcb52..2f13a2c64a9 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -2837,7 +2837,7 @@ _PUBLIC_ void *_talloc_realloc_array_zero(const void *ctx,
 if (newsize > existing) {
 size_t to_zero = newsize - existing;
- memset_s(((char *)newptr) + existing, to_zero, 0, to_zero);
+ memset_explicit(((char *)newptr) + existing, 0, to_zero);
 }

 return newptr;
diff --git a/lib/util/memory.h b/lib/util/memory.h
index 40c66d824a1..ff51a6ebe49 100644
--- a/lib/util/memory.h
+++ b/lib/util/memory.h
@@ -40,7 +40,7 @@
 #define BURN_FREE_STR(x) do { \
 if ((x) != NULL) { \
 size_t s = strlen(x); \
- memset_s((x), s, 0, s); \
+ memset_explicit((x), 0, s); \
 free(x); (x) = NULL; \
 } \
 } while(0)
@@ -53,7 +53,7 @@
 **/
 #define BURN_FREE(x, s) do { \
 if ((x) != NULL) { \
- memset_s((x), (s), 0, (s)); \
+ memset_explicit((x), 0, (s)); \
 free(x); (x) = NULL; \
 } \
 } while(0)
@@ -78,7 +78,7 @@
 * Zero a structure.
 */
 #ifndef ZERO_STRUCT
-#define ZERO_STRUCT(x) memset_s((char *)&(x), sizeof(x), 0, sizeof(x))
+#define ZERO_STRUCT(x) memset_explicit((char *)&(x), 0, sizeof(x))
 #endif

 /**
@@ -87,7 +87,7 @@
 #ifndef ZERO_STRUCTP
 #define ZERO_STRUCTP(x) do { \
 if ((x) != NULL) { \
- memset_s((char *)(x), sizeof(*(x)), 0, sizeof(*(x))); \
+ memset_explicit((char *)(x), 0, sizeof(*(x))); \
 } \
 } while(0)
 #endif
@@ -96,7 +96,7 @@
 * Zero a structure given a pointer to the structure - no zero check.
 */
 #ifndef ZERO_STRUCTPN
-#define ZERO_STRUCTPN(x) memset_s((char *)(x), sizeof(*(x)), 0, sizeof(*(x)))
+#define ZERO_STRUCTPN(x) memset_explicit((char *)(x), 0, sizeof(*(x)))
 #endif

 /**
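Review bot: `BURN_STR` in lib/replace/replace.h (and `BURN_FREE_STR` in lib/util/memory.h) names its temporary `s`, so a call such as `BURN_STR(s)` expands to `size_t s = strlen(s);`, where the inner `s` is the new uninitialised `size_t` rather than the caller's string. A name that is unlikely to collide avoids this, e.g. `size_t burn_len_ = strlen(x); \` followed by `memset_explicit((x), 0, burn_len_); \`. Both macros also clear only `strlen(x)` bytes, so anything stored after the first NUL stays in the buffer. A one-line comment saying so would steer callers who know the allocation size towards `BURN_PTR_SIZE` or `BURN_FREE`.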
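Review bot: In `_talloc_realloc_array_zero()` the `memset_explicit()` call initialises the newly grown tail of a buffer that is then returned to the caller. That is initialisation rather than scrubbing of a secret before release, so it is not a store the optimiser could treat as dead. Plain `memset(((char *)newptr) + existing, 0, to_zero);` would express the intent and keep the explicit variant for the burn paths. If the explicit call is deliberate, a short comment such as `/* explicit on purpose: <reason> */` would record why. The function begins and ends outside this hunk, so this assumes nothing between the call and `return newptr;` releases the buffer.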
@@ -104,13 +104,15 @@
 * pointer.
 */
 #ifndef ZERO_ARRAY
-#define ZERO_ARRAY(x) memset_s((char *)(x), sizeof(x), 0, sizeof(x))
+#define ZERO_ARRAY(x) memset_explicit((char *)(x), 0, sizeof(x))
 #endif

 /**
 * Zero a given len of an array
 */
-#define ZERO_ARRAY_LEN(x, l) memset_s((char *)(x), (l), 0, (l))
+#ifndef ZERO_ARRAY_LEN
+#define ZERO_ARRAY_LEN(x, l) memset_explicit((char *)(x), 0, (l))
+#endif

 /**
 * Work out how many elements there are in a static array
diff --git a/lib/util/tests/test_talloc_keep_secret.c b/lib/util/tests/test_talloc_keep_secret.c
index 1462dabe956..66c3f7f3e7a 100644
--- a/lib/util/tests/test_talloc_keep_secret.c
+++ b/lib/util/tests/test_talloc_keep_secret.c
@@ -8,12 +8,11 @@
 #include
 #include "lib/util/talloc_keep_secret.h"

-int rep_memset_s(void *dest, size_t destsz, int ch, size_t count);
+int rep_memset_explicit(void *dest, int ch, size_t count);

-int rep_memset_s(void *dest, size_t destsz, int ch, size_t count)
+int rep_memset_explicit(void *dest, int ch, size_t count)
 {
 check_expected_ptr(dest);
- check_expected(destsz);
 check_expected(ch);
 check_expected(count);

@@ -44,10 +43,9 @@ static void test_talloc_keep_secret(void ** state)
 ptr1_size = talloc_get_size(ptr1);
 assert_int_equal(ptr1_size, strlen(ptr1) + 1);
- expect_string(rep_memset_s, dest, "secret");
- expect_value(rep_memset_s, destsz, strlen(ptr1) + 1);
- expect_value(rep_memset_s, ch, (int)'\0');
- expect_value(rep_memset_s, count, strlen(ptr1) + 1);
+ expect_string(rep_memset_explicit, dest, "secret");
+ expect_value(rep_memset_explicit, ch, (int)'\0');
+ expect_value(rep_memset_explicit, count, strlen(ptr1) + 1);

 talloc_free(ptr1);

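Review bot: The mock in test_talloc_keep_secret.c is declared as `int rep_memset_explicit(void *dest, int ch, size_t count)`, but C23 `memset_explicit()` returns `void *`. If the libreplace fallback follows the standard signature, the mock has a different return type from the symbol it stands in for. The callers visible in this patch discard the result, so it is unlikely to misbehave today. Even so, I would change both the prototype and the definition to `void *rep_memset_explicit(void *dest, int ch, size_t count)` and have it return `dest`. The function's return statement lies outside this hunk.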
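Review bot: The `expect_string()`/`expect_value()` calls in `test_talloc_keep_secret` are only consumed if the wipe is routed to `rep_memset_explicit`; the ones in `test_talloc_keep_secret_validate_memset` have the same dependency. On a libc that ships `memset_explicit()` natively, the build presumably calls the libc function. The mock would then never run and cmocka would report the queued expectations as unconsumed. Consider wrapping the symbol at link time or skipping these checks when the native function is in use. A comment such as `/* relies on memset_explicit being mapped to rep_memset_explicit */` above the expectations would also help.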
@@ -73,10 +71,9 @@ static void test_talloc_keep_secret_validate_memset(void **state)
 assert_non_null(password);
 talloc_keep_secret(password);
- expect_string(rep_memset_s, dest, "secret");
- expect_value(rep_memset_s, destsz, strlen(password) + 1);
- expect_value(rep_memset_s, ch, (int)'\0');
- expect_value(rep_memset_s, count, strlen(password) + 1);
+ expect_string(rep_memset_explicit, dest, "secret");
+ expect_value(rep_memset_explicit, ch, (int)'\0');
+ expect_value(rep_memset_explicit, count, strlen(password) + 1);
 talloc_free(mem_ctx);
 }