[gnutls-help] gnutls_memset: use explicit_bzero
Maciej S. Szmigiero
mail at maciej.szmigiero.name
Mon Mar 11 00:02:42 CET 2019
> That is, use the glibc function when available and the second
> parameter is zero.
>
> Resolves #230
>
> Signed-off-by: Nikos Mavrogiannopoulos <nmav at redhat.com>
> ---(..)
> --- a/lib/safe-memfuncs.c
> +++ b/lib/safe-memfuncs.c
> @@ -33,14 +30,18 @@
> * This function will operate similarly to memset(), but will
> * not be optimized out by the compiler.
> *
> - * Returns: void.
> - *
> * Since: 3.4.0
> **/
> void gnutls_memset(void *data, int c, size_t size)
> {
> - volatile unsigned volatile_zero = 0;
> + volatile unsigned volatile_zero;
> volatile char *vdata = (volatile char*)data;
> +#ifdef HAVE_EXPLICIT_BZERO
> + if (c == 0) {
> + explicit_bzero(data, size);
Shouldn't the function return here?
Because otherwise it is doing the zeroing twice:
first time via explicit_bzero(),
second time via a volatile trick below.
> + }
> +#endif
> + volatile_zero = 0;
>
> /* This is based on a nice trick for safe memset,
> * sent by David Jacobson in the openssl-dev mailing list.
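Review bot: The if (c == 0) block inside #ifdef HAVE_EXPLICIT_BZERO has no return after explicit_bzero(data, size); so control falls through to volatile_zero = 0; and the volatile-pointer code below it, and a zero fill clears the buffer a second time. The result is still correct, but the work is doubled on exactly the path this change is meant to hand over to libc. Adding return; as the last statement inside the if keeps the volatile fallback for non-zero c and for builds where HAVE_EXPLICIT_BZERO is not defined.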
Maciej