From: Zbigniew Jędrzejewski-Szmek Date: Mon, 6 Feb 2017 01:05:27 +0000 (-0500) Subject: treewide: replace homegrown memory_erase with explicit_bzero X-Git-Tag: v233.3~73 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=9270bff168ecc98d1761a32ca28b1f3906b093f2 treewide: replace homegrown memory_erase with explicit_bzero explicit_bzero was added in glibc 2.25. Make use of it. explicit_bzero is hardcoded to zero the memory, so string erase now truncates the string, instead of overwriting it with 'x'. This causes a visible difference only in the journalctl case. --- diff --git a/src/basic/string-util.c b/src/basic/string-util.c index b906b581c..9b060a9a2 100644 --- a/src/basic/string-util.c +++ b/src/basic/string-util.c @@ -825,6 +825,7 @@ int free_and_strdup(char **p, const char *s) { return 1; } +#if !HAVE_DECL_EXPLICIT_BZERO /* * Pointer to memset is volatile so that compiler must de-reference * the pointer and can't assume that it points to any function in @@ -835,19 +836,19 @@ typedef void *(*memset_t)(void *,int,size_t); static volatile memset_t memset_func = memset; -void* memory_erase(void *p, size_t l) { - return memset_func(p, 'x', l); +void explicit_bzero(void *p, size_t l) { + memset_func(p, '\0', l); } +#endif char* string_erase(char *x) { - if (!x) return NULL; /* A delicious drop of snake-oil! To be called on memory where * we stored passphrases or so, after we used them. */ - - return memory_erase(x, strlen(x)); + explicit_bzero(x, strlen(x)); + return x; } char *string_free_erase(char *s) { diff --git a/src/basic/string-util.h b/src/basic/string-util.h index 668b63907..38c7c1009 100644 --- a/src/basic/string-util.h +++ b/src/basic/string-util.h @@ -197,7 +197,10 @@ static inline void *memmem_safe(const void *haystack, size_t haystacklen, const return memmem(haystack, haystacklen, needle, needlelen); } -void* memory_erase(void *p, size_t l); +#if !HAVE_DECL_EXPLICIT_BZERO +void explicit_bzero(void *p, size_t l); +#endif + char *string_erase(char *x); char *string_free_erase(char *s);