Bug 17879

Summary: Library is missing memset_s
Product: glibc
Reporter: Jeffrey Walton <noloader>
Component: string
Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED INVALID
Severity: enhancement
CC: adhemerval.zanella, drepper.fsp, msebor, noloader
Priority: P2
Flags: fweimer: security-
Version: 2.20
Target Milestone: ---

Description Jeffrey Walton 2015-01-27 00:07:30 UTC
memset_s is missing from the library.

I'm attempting to use memset_s to zero some memory. memset_s is guaranteed not to be optimized away, so it's appealing to use it rather than the alternatives.  Zeroization is a process requirement, and I can't discard it.

bzero cannot be used because (1) it's non-portable, and (2) it's deprecated.

The volatile qualifier cannot be used because GCC interprets it to mean only memory that can be changed by hardware (a more lenient interpretation by the GCC folks would be very helpful. But it is what it is).

memset_s not available in 2.19:

  $ nm -D /lib/x86_64-linux-gnu/libc.so.6 | grep memset_s
  $
  $ ls -l /lib/x86_64-linux-gnu/libc.so.6
  lrwxrwxrwx 1 root root 12 Dec  4 14:31 /lib/x86_64-linux-gnu/libc.so.6 -> libc-2.19.so

And checking out the latest, memset_s is not available in 2.20 (or is it 2.21?):

  $ git clone git://sourceware.org/git/glibc.git
  $ cd glibc
  $ grep -R -w memset_s *
  $

I understand the safer functions from TR 24731-1 are not popular, but there should be no objections for a memset function that is not optimized away (correct me here, please).

Please provide memset_s for safety and portability.
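The property the report asks for, a zeroing call the compiler must not drop, shown as an added example in C that is not part of this bug report or of glibc: memset is called through a volatile function pointer, a widely used portable workaround for dead-store elimination. `secure_memzero`, `is_all_zero` and `wipe_demo` are hypothetical names chosen for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not from glibc: a memset call made through a
 * volatile function pointer.  The compiler must reload the pointer at
 * the call site and cannot prove which function it holds, so the call
 * survives even when the buffer is never read again, which is exactly
 * the case in which a plain memset() gets optimized away. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

/* Zero len bytes of buf through the volatile pointer; returns buf. */
void *secure_memzero(void *buf, size_t len)
{
    return memset_ptr(buf, 0, len);
}

/* Returns 1 if every byte of buf is zero, 0 otherwise (check helper). */
int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Demonstration: a constructed "secret" is placed in a stack buffer,
 * then wiped before the function returns.  Returns 1 if the wipe
 * left the buffer all zero. */
int wipe_demo(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);      /* constructed secret material */
    secure_memzero(key, sizeof key);    /* wipe; must not be elided */
    return is_all_zero(key, sizeof key);
}
```

Building with optimization and inspecting the generated code (for instance with `objdump -d`) shows the memset call retained in `wipe_demo`, whereas a direct `memset(key, 0, sizeof key)` in the same position is a candidate for removal.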
Comment 1 jsm-csl@polyomino.org.uk 2015-01-27 00:47:20 UTC
New features should be proposed on libc-alpha, not in Bugzilla.  Please restart the discussions there, including a careful synthesis of the arguments from previous libc-alpha discussions of the issue to help the community in reaching consensus.
Comment 2 Martin Sebor 2015-02-02 22:00:48 UTC
The GCC -fno-builtin-memset option can be used to prevent compatible compilers from optimizing away calls to memset that aren't strictly speaking necessary.

Regarding portability: memset_s is an optional feature of the C11 standard and as such isn't really portable. (AFAIK, there also are no conforming C11 implementations that provide the optional Annex K in which the function is defined.)
Comment 3 Adhemerval Zanella 2016-10-23 14:04:08 UTC
I will close this bug report based on comment #2.