This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 1/3] New string function explicit_bzero (from OpenBSD).
- From: Florian Weimer <fweimer at redhat dot com>
- To: Zack Weinberg <zackw at panix dot com>, libc-alpha at sourceware dot org
- Date: Thu, 6 Oct 2016 12:03:28 +0200
- Subject: Re: [PATCH 1/3] New string function explicit_bzero (from OpenBSD).
- References: <20160915130507.20993-1-zackw@panix.com> <20160915130507.20993-2-zackw@panix.com>
On 09/15/2016 03:05 PM, Zack Weinberg wrote:
+/* As bzero, but the compiler will not delete a call to this
+ function, even if S is dead after the call. */
+extern void explicit_bzero (void *__s, size_t __n) __THROW __nonnull ((1));
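Review bot: `__nonnull ((1))` on the explicit_bzero declaration makes a null `__s` undefined even when `__n` is 0, and the comment above the declaration does not say so. Either state in the comment that S must be non-null for every length, or drop the attribute if a zero-length call with a null pointer is meant to be accepted.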
I would like to redirect callers to __explicit_bzero, so that shared
objects do not accidentally pick up an implementation of explicit_bzero
which may or may not do the right thing.
I did this in my getrandom implementation:
<https://sourceware.org/ml/libc-alpha/2016-09/msg00203.html>
You can use __REDIRECT_NTH (meaning no exceptions) instead of __REDIRECT.
This requires exporting both __explicit_bzero and explicit_bzero. We
need a symbol in the implementation namespace anyway because crypt is in
POSIX, but explicit_bzero is not.
From the test, I would suggest removing the fflush (stdout) calls.
There are some whitespace GNU-style violations as well (missing space
before paren in function call):
+struct key get_key(void);
+void use_key(struct key);
+with_clear(void)
+ k = get_key();
+ use_key(k);
+ explicit_bzero(&k, sizeof(k));
+__glibc_read_memory(const void *s, size_t len)
+ printf ("ERROR: block(SIGUSR1): %s\n", strerror (errno));
+ printf ("ERROR: sigaction(SIGUSR1): %s\n", strerror (errno));
+ printf ("ERROR: raise(SIGUSR1): %s\n", strerror (errno));
+ printf ("ERROR: unblock(SIGUSR1): %s\n", strerror (errno));
+ printf ("ERROR: unblock(SIGUSR1): %s\n", strerror(errno));
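Review bot: the last two printf lines quoted here both report "ERROR: unblock(SIGUSR1)", so a failing test log cannot tell which of the two checks fired; give each its own message text. The same two lines also differ only in `strerror (errno)` versus `strerror(errno)`, so fixing the wording and the spacing can be one change.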
Thanks,
Florian
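The redirect discussed in the message above, as an added example that is not part of the original mail or of glibc: an asm label (the mechanism the __REDIRECT macros expand to on GCC) binds the public name to an implementation symbol, so a different definition that owns the public symbol name is never reached. The names demo_explicit_bzero, demo_impl_explicit_bzero, rogue_bzero and wipe_key are hypothetical, the memset-plus-barrier body is a stand-in, and GCC or Clang on an ELF target such as Linux is assumed; in one file, rogue_bzero stands in for a definition that another object would supply.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Header side: callers write demo_explicit_bzero, but the compiler emits a
   reference to the linker symbol demo_impl_explicit_bzero.  */
extern void demo_explicit_bzero (void *s, size_t n)
  __asm__ ("demo_impl_explicit_bzero");

/* Library side: the definition lives under the implementation symbol.
   memset followed by a compiler barrier is a stand-in body.  */
void demo_impl_explicit_bzero (void *s, size_t n);
void
demo_impl_explicit_bzero (void *s, size_t n)
{
  memset (s, 0, n);
  __asm__ __volatile__ ("" : : "r" (s) : "memory");
}

/* Some other definition that owns the public symbol name and does not
   clear anything.  Redirected callers must never land here.  */
static int rogue_calls;
void rogue_bzero (void *s, size_t n) __asm__ ("demo_explicit_bzero");
void
rogue_bzero (void *s, size_t n)
{
  (void) s;
  (void) n;
  rogue_calls++;
}

/* Caller built against the header; returns how many key bytes stayed
   nonzero after the wipe (constructed 32-byte key filled with 0xA5).  */
size_t
wipe_key (void)
{
  unsigned char key[32];
  size_t left = 0;
  memset (key, 0xA5, sizeof key);
  demo_explicit_bzero (key, sizeof key);
  for (size_t i = 0; i < sizeof key; i++)
    left += key[i] != 0;
  return left;
}

int rogue_call_count (void) { return rogue_calls; }

int
main (void)
{
  printf ("left=%zu rogue=%d\n", wipe_key (), rogue_call_count ());
  return 0;
}
```

Running `nm` on the object file shows the call site referencing demo_impl_explicit_bzero, which is the check to make on a real shared object built against a redirected header.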