Merge pull request #488 from cgzones/secure_zero

Ensure memory cleaning
2022-01-03 09:31:43 -06:00 · 2022-01-03 09:31:43 -06:00 · 51e77b9a96
commit 51e77b9a96
parent eccf1c569c 7a799ebb2c
2 changed files with 15 additions and 2 deletions
--- a/configure.ac
+++ b/configure.ac
@ -56,7 +56,7 @@ AC_CHECK_FUNCS(arc4random_buf l64a fchmod fchown fsync futimes \
 	getutent initgroups lchown lckpwdf lstat lutimes \
 	setgroups sigaction strchr updwtmp updwtmpx innetgr getpwnam_r \
 	getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo ruserok \
-	dlopen)
+	dlopen memset_s explicit_bzero)
 AC_SYS_LARGEFILE

 dnl Checks for typedefs, structures, and compiler characteristics.
--- a/lib/defines.h
+++ b/lib/defines.h
@ -111,7 +111,20 @@ char *strchr (), *strrchr (), *strtok ();
 # endif
 #endif				/* not TIME_WITH_SYS_TIME */

-#define memzero(ptr, size) memset((void *)(ptr), 0, (size))
+#ifdef HAVE_MEMSET_S
+# define memzero(ptr, size) memset_s((ptr), 0, (size))
+#elif defined HAVE_EXPLICIT_BZERO	/* !HAVE_MEMSET_S */
+# define memzero(ptr, size) explicit_bzero((ptr), (size))
+#else					/* !HAVE_MEMSET_S && HAVE_EXPLICIT_BZERO */
+static inline void memzero(void *ptr, size_t size)
+{
+	volatile unsigned char * volatile p = ptr;
+	while (size--) {
+		*p++ = '\0';
+	}
+}
+#endif					/* !HAVE_MEMSET_S && !HAVE_EXPLICIT_BZERO */
+
 #define strzero(s) memzero(s, strlen(s))	/* warning: evaluates twice */

 #ifdef HAVE_DIRENT_H		/* DIR_SYSV */