shared: better implement compat version of explicit_bzero()

If we don't have explicit_bzero(), try a bit harder and use a volatile pointer. This is also what libsecret's egg_secure_clear() does [1]. However, for us this is less important, because commonly we expect glibc to provide a useable explicit_bzero(). [1] b5442654d4/egg/egg-secure-memory.c (L1352)
2025-12-30 22:30:11 +01:00 · 2019-04-02 19:20:43 +02:00 · 2019-04-02 19:20:43 +02:00 · 61aad8cda4
commit 61aad8cda4
parent e504b7fc96
1 changed files with 13 additions and 6 deletions
--- a/shared/nm-utils/nm-secret-utils.c
+++ b/shared/nm-utils/nm-secret-utils.c
@ -30,15 +30,22 @@ void
 nm_explicit_bzero (void *s, gsize n)
 {
 	/* gracefully handle n == 0. This is important, callers rely on it. */
-	if (n > 0) {
-		nm_assert (s);
+	if (n == 0)
+		return;
+
+	nm_assert (s);
+
 #if defined (HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO
-		explicit_bzero (s, n);
+	explicit_bzero (s, n);
 #else
-		/* don't bother with a workaround. Use a reasonable glibc. */
-		memset (s, 0, n);
-#endif
+	{
+		volatile guint8 *p = s;
+
+		memset (s, '\0', n);
+		while (n-- > 0)
+			*(p++) = '\0';
 	}
+#endif
 }

 /*****************************************************************************/