diff options
| -rw-r--r-- | CMakeLists.txt | 9 | ||||
| -rw-r--r-- | config.h.in | 4 | ||||
| -rw-r--r-- | src/libutil/util.c | 30 | ||||
| -rw-r--r-- | src/libutil/util.h | 7 |
4 files changed, 49 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 96a4b6bd1..4bad6643c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -728,8 +728,15 @@ CHECK_FUNCTION_EXISTS(mkstemp HAVE_MKSTEMP) CHECK_FUNCTION_EXISTS(setitimer HAVE_SETITIMER) CHECK_FUNCTION_EXISTS(inet_pton HAVE_INET_PTON) CHECK_FUNCTION_EXISTS(clock_gettime HAVE_CLOCK_GETTIME) +CHECK_FUNCTION_EXISTS(memset_s HAVE_MEMSET_S) +CHECK_FUNCTION_EXISTS(explicit_bzero HAVE_EXPLICIT_BZERO) +CHECK_C_SOURCE_COMPILES( +"#include <stddef.h> +void cmkcheckweak() __attribute__((weak)); +int main(int argc, char** argv) { + return cmkcheckweak == NULL; +}" HAVE_WEAK_SYMBOLS) -# # Check macros CHECK_SYMBOL_EXISTS(PATH_MAX limits.h HAVE_PATH_MAX) diff --git a/config.h.in b/config.h.in index 0520da671..c1e819fb2 100644 --- a/config.h.in +++ b/config.h.in @@ -221,6 +221,10 @@ #cmakedefine HAVE_SCHED_YEILD 1 #cmakedefine HAVE_PTHREAD_PROCESS_SHARED 1 +#cmakedefine HAVE_MEMSET_S 1 +#cmakedefine HAVE_EXPLICIT_BZERO 1 +#cmakedefine HAVE_WEAK_SYMBOLS 1 + /* Configure allocator */ #define uthash_malloc(sz) g_slice_alloc(sz) #define uthash_free(ptr,sz) g_slice_free1(sz, ptr) diff --git a/src/libutil/util.c b/src/libutil/util.c index f88ed8e72..9b9d17fb0 100644 --- a/src/libutil/util.c +++ b/src/libutil/util.c @@ -2201,3 +2201,33 @@ randombytes (guchar *buf, guint64 len) { ottery_rand_bytes (buf, (size_t)len); } + +#ifdef HAVE_WEAK_SYMBOLS +__attribute__((weak)) void +_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len) +{ + (void) pnt; + (void) len; +} +#endif + +void +rspamd_explicit_memzero(void * const pnt, const gsize len) +{ +#if defined(HAVE_MEMSET_S) + if (memset_s (pnt, (rsize_t) len, 0, (rsize_t) len) != 0) { + g_assert (0); + } +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero (pnt, len); +#elif defined(HAVE_WEAK_SYMBOLS) + memset (pnt, 0, len); + _dummy_symbol_to_prevent_lto (pnt, len); +#else + volatile unsigned char *pnt_ = (volatile unsigned char *) pnt; + gsize i = (gsize) 0U; + while (i < len) { + pnt_[i++] = 0U; + } +#endif +} diff --git a/src/libutil/util.h b/src/libutil/util.h index fd584938f..704bc3d63 100644 --- a/src/libutil/util.h +++ b/src/libutil/util.h @@ -434,4 +434,11 @@ gchar * rspamd_encode_base32 (const guchar *in, gsize inlen); */ guchar* rspamd_decode_base32 (const gchar *in, gsize inlen, gsize *outlen); +/** + * Securely clear the buffer specified + * @param buf + * @param buflen + */ +void rspamd_explicit_memzero (void * const buf, gsize buflen); + #endif |