
[PATCH 2/2] shred: use explicit_bzero


From: Paul Eggert
Subject: [PATCH 2/2] shred: use explicit_bzero
Date: Thu, 20 Jul 2017 14:03:13 -0700

* NEWS: Document this.
* bootstrap.conf (gnulib_modules): Add explicit_bzero.
* gl/lib/randint.c (randint_free):
* gl/lib/randread.c (randread_free):
* src/blake2/blake2-impl.h (secure_zero_memory):
* src/shred.c (dopass, do_wipefd):
Prefer explicit_bzero to memset when erasing secrets.
---
 NEWS                     | 4 ++++
 bootstrap.conf           | 1 +
 gl/lib/randint.c         | 2 +-
 gl/lib/randread.c        | 2 +-
 src/blake2/blake2-impl.h | 3 +--
 src/shred.c              | 4 ++--
 6 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index 110229bd8..dfd2837a0 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,10 @@ GNU coreutils NEWS                                    -*- 
outline -*-
   Now, it prints a diagnostic or a line to stdout for each argument.
   [bug introduced in the bourne-shell-to-C rewrite for coreutils-6.11]
 
+  shred now erases buffers containing secrets via the explicit_bzero
+  function, which should be more reliable.
+  [potential bug has always been present in 'shred']
+
   split no longer exits when invocations of a --filter return EPIPE.
   [bug introduced in coreutils-8.26]
 
diff --git a/bootstrap.conf b/bootstrap.conf
index 4db77a3d7..9064a94bb 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -69,6 +69,7 @@ gnulib_modules="
   euidaccess
   exclude
   exitfail
+  explicit_bzero
   faccessat
   fadvise
   fchdir
diff --git a/gl/lib/randint.c b/gl/lib/randint.c
index 4561067e8..b15982f46 100644
--- a/gl/lib/randint.c
+++ b/gl/lib/randint.c
@@ -198,7 +198,7 @@ randint_genmax (struct randint_source *s, randint genmax)
 void
 randint_free (struct randint_source *s)
 {
-  memset (s, 0, sizeof *s);
+  explicit_bzero (s, sizeof *s);
   free (s);
 }
 
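Review bot: Nothing in the hunk records why the store before `free (s)` must survive, and a later "cleanup" is likely to turn `explicit_bzero (s, sizeof *s);` back into memset or drop it as dead. I would add above the call `/* Scrub the generator state before releasing it so the seed does not linger in freed heap memory; unlike memset, explicit_bzero is not elided as a dead store.  */`. randint_free is fully visible here and dereferences s unconditionally, so, exactly as before the change, a NULL s is not tolerated and callers must not pass one. Whether the struct holds a reference to a randread_source that needs its own release is not visible in this hunk, as the struct definition lies outside it.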
diff --git a/gl/lib/randread.c b/gl/lib/randread.c
index 9c70a1875..834f8446a 100644
--- a/gl/lib/randread.c
+++ b/gl/lib/randread.c
@@ -341,7 +341,7 @@ int
 randread_free (struct randread_source *s)
 {
   FILE *source = s->source;
-  memset (s, 0, sizeof *s);
+  explicit_bzero (s, sizeof *s);
   free (s);
   return (source ? fclose (source) : 0);
 }
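Review bot: Only the struct itself is scrubbed; the stream saved in `source` is closed with `fclose (source)` after the erase, and any bytes still sitting in that FILE's stdio buffer (the random data most recently read from it) are released by fclose without being erased, so some secret material can still end up in freed heap memory. If that matters for shred's threat model, the stream should be opened unbuffered (setvbuf with _IONBF) where it is created, which is outside this hunk; otherwise a caveat belongs here, e.g. `/* Note: fclose releases the stream's stdio buffer without erasing it.  */` above the return. Returning the fclose result instead of dropping it is the right call and is unchanged.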
diff --git a/src/blake2/blake2-impl.h b/src/blake2/blake2-impl.h
index 5dff7fc7a..241e5abf5 100644
--- a/src/blake2/blake2-impl.h
+++ b/src/blake2/blake2-impl.h
@@ -153,8 +153,7 @@ static BLAKE2_INLINE uint64_t rotr64( const uint64_t w, 
const unsigned c )
 /* prevents compiler optimizing out memset() */
 static BLAKE2_INLINE void secure_zero_memory(void *v, size_t n)
 {
-  static void *(*const volatile memset_v)(void *, int, size_t) = &memset;
-  memset_v(v, 0, n);
+  explicit_bzero (v, n);
 }
 
 #endif
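Review bot: The comment directly above `secure_zero_memory` still says `/* prevents compiler optimizing out memset() */`, but after this change the body contains neither a memset nor the volatile function pointer that sentence described, so the comment is stale; replace it with `/* Erase n bytes at v; explicit_bzero is not optimized away as a dead store the way memset can be.  */`. This header is vendored BLAKE2 reference code, and the edit makes it depend on gnulib's explicit_bzero being declared (through the replacement <string.h>), which the hunk does not show the header including, so that is worth confirming. A one-line comment noting the deliberate divergence from upstream would also keep a future re-sync from silently reverting it.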
diff --git a/src/shred.c b/src/shred.c
index 7926e7aa4..c95546cb7 100644
--- a/src/shred.c
+++ b/src/shred.c
@@ -653,7 +653,7 @@ dopass (int fd, struct stat const *st, char const *qname, 
off_t *sizep,
     }
 
 free_pattern_mem:
-  memset (pbuf, 0, FILLPATTERN_SIZE);
+  explicit_bzero (pbuf, FILLPATTERN_SIZE);
   free (fill_pattern_mem);
 
   return other_error ? -1 : write_error;
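Review bot: `explicit_bzero (pbuf, FILLPATTERN_SIZE);` scrubs FILLPATTERN_SIZE bytes from pbuf, while the block released on the next line is fill_pattern_mem; if pbuf is an aligned pointer inside that allocation (dopass starts outside the hunk, so this is inferred from the two names), the alignment slack before pbuf and any bytes beyond FILLPATTERN_SIZE are freed unerased. That is harmless only if pattern data is never written there, and a comment stating so would spare the next reader the same check: `/* pbuf is the aligned, pattern-filled part of fill_pattern_mem; the slack around it is never written, so erasing FILLPATTERN_SIZE bytes suffices.  */` — confirm against the allocation earlier in dopass before adopting that wording.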
@@ -987,7 +987,7 @@ do_wipefd (int fd, char const *qname, struct randint_source 
*s,
     }
 
 wipefd_out:
-  memset (passarray, 0, flags->n_iterations * sizeof (int));
+  explicit_bzero (passarray, flags->n_iterations * sizeof (int));
   free (passarray);
   return ok;
 }
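Review bot: `explicit_bzero (passarray, flags->n_iterations * sizeof (int));` recomputes the size from the element type rather than from the object, so it silently under- or over-erases if the array's element type ever changes; `flags->n_iterations * sizeof *passarray` tracks the allocation instead. Because the start of do_wipefd is outside the hunk, I cannot see whether every `goto wipefd_out` is reached only after passarray has been allocated, nor whether n_iterations can be 0 with passarray NULL; explicit_bzero on a null pointer is undefined even for a zero length, just as memset was, so if an early exit before allocation exists, passarray needs a NULL initializer and the erase needs a guard. Worth checking rather than assuming, since the old memset shared the problem and nobody has reported it.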
-- 
2.13.3



