Project

General

Profile

Submit #3155 ยป patch-lib-libc-string-explicit_bzero.diff

dcarlier, 11/14/2018 08:17 AM

View differences:

include/string.h
#if !defined(_KERNEL_VIRTUAL)
void *memmove(void *, const void *, size_t);
void *memset(void *, int, size_t);
void explicit_bzero(void *, size_t);
#endif
#if __POSIX_VISIBLE >= 200809
char *stpcpy(char * __restrict, const char * __restrict);
lib/libc/string/Makefile.inc
CFLAGS+= -I${.CURDIR}/../libc/locale
# machine-independent string sources
MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c ffs.c ffsl.c \
ffsll.c fls.c flsl.c flsll.c \
index.c memccpy.c memchr.c memrchr.c memcmp.c \
memcpy.c memmem.c memmove.c mempcpy.c memset.c rindex.c \
stpcpy.c stpncpy.c strcasecmp.c \
lib/libc/string/Symbol.map
bcmp;
bcopy;
bzero;
explicit_bzero;
ffs;
ffsl;
ffsll;
lib/libc/string/bzero.3
.Os
.Sh NAME
.Nm bzero
.Nm explicit_bzero
.Nd write zeroes to a byte string
.Sh LIBRARY
.Lb libc
......
.In strings.h
.Ft void
.Fn bzero "void *b" "size_t len"
.Ft void
.Fn explicit_bzero "void *b" "size_t len"
.Sh DESCRIPTION
The
.Fn bzero
......
is zero,
.Fn bzero
does nothing.
.Pp
The
.Fn explicit_bzero
variant behaves the same, but will not be removed by a compiler's dead store
optimization pass, making it useful for clearing sensitive memory such as a
password.
.Sh SEE ALSO
.Xr memset 3 ,
.Xr swab 3
......
for
.St -p1003.1-2001
compliance.
.Fn explicit_bzero
function first appeared in
.Ox 5.5
lib/libc/string/explicit_bzero.c
/*-
* Copyright (c) 2018
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include <string.h>
void
explicit_bzero(void *dst0, size_t length)
{
dst0 = memset(dst0, 0, length);
asm volatile("" : : "r"(dst0) : "memory");
}
    (1-1/1)