From be9855bca326901f7c7fc62dac0118534a0fe135 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 20 May 2014 17:54:06 +0200 Subject: [PATCH] use safe_memset() instead of the plain memset() which can be optimized out. --- src/common.h | 15 +++++++++++++++ src/main.c | 4 ++-- src/tlslib.c | 2 +- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/common.h b/src/common.h index a810cb98..0b2d5e9c 100644 --- a/src/common.h +++ b/src/common.h @@ -52,5 +52,20 @@ int recv_socket_msg(int fd, uint8_t cmd, const char* cmd_request_to_str(unsigned cmd); +inline static +void safe_memset(void *data, int c, size_t size) +{ + volatile unsigned volatile_zero = 0; + volatile char *vdata = (volatile char*)data; + + /* This is based on a nice trick for safe memset, + * sent by David Jacobson in the openssl-dev mailing list. + */ + + do { + memset(data, c, size); + } while(vdata[volatile_zero] != c); +} + #endif diff --git a/src/main.c b/src/main.c index 433acdb2..447a310f 100644 --- a/src/main.c +++ b/src/main.c @@ -566,7 +566,7 @@ void clear_lists(main_server_st *s) if (ctmp->auth_ctx != NULL) proc_auth_deinit(s, ctmp); list_del(&ctmp->list); - memset(ctmp, 0, sizeof(*ctmp)); + safe_memset(ctmp, 0, sizeof(*ctmp)); free(ctmp); s->proc_list.total--; } @@ -584,7 +584,7 @@ void clear_lists(main_server_st *s) tls_cache_deinit(s->tls_db); ip_lease_deinit(&s->ip_leases); ctl_handler_deinit(s); - memset(s->cookie_key, 0, sizeof(s->cookie_key)); + safe_memset(s->cookie_key, 0, sizeof(s->cookie_key)); } static void kill_children(main_server_st* s) diff --git a/src/tlslib.c b/src/tlslib.c index 21030f79..003cc643 100644 --- a/src/tlslib.c +++ b/src/tlslib.c 
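Review bot: `safe_memset()` in src/common.h can loop forever or read out of bounds, because the loop condition reads `vdata[volatile_zero]` even when `size` is 0 and compares a plain `char` against the `int c`. With `size == 0` the `memset()` writes nothing and byte 0 is read anyway; with a `c` that does not fit in `char` (for example 0xff where `char` is signed) the comparison never becomes equal. The three call sites in this patch pass 0 with a non-zero size (the tlslib.c call is guarded by `session_data_size > 0`), so they are not affected today, but the helper sits in a shared header. I would add `if (size == 0) return;` at the top, declare `volatile unsigned char *vdata = data;` and compare against `(unsigned char)c`. The volatile read-back is a compiler-dependent trick rather than a guarantee, so where the platform offers `explicit_bzero()` or `memset_s()` that is the safer primitive for wiping `cookie_key` and the cached session data.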
@@ -203,7 +203,7 @@ struct htable_iter iter;
 cache = htable_first(&db->ht, &iter);
 while(cache != NULL) {
 if (cache->session_data_size > 0) {
- memset(cache->session_data, 0, cache->session_data_size);
+ safe_memset(cache->session_data, 0, cache->session_data_size);
 cache->session_data_size = 0;
 cache->session_id_size = 0;
 }