From e23313b949a529fda2b1e1fd025f00e52248e430 Mon Sep 17 00:00:00 2001
From: delphij
Date: Tue, 7 Oct 2014 04:54:11 +0000
Subject: Add explicit_bzero(3) and its kernel counterpart.
Obtained from: OpenBSD
MFC after: 2 weeks
---
 lib/libc/string/Makefile.inc | 3 ++-
 lib/libc/string/Symbol.map | 4 ++++
 lib/libc/string/bzero.3 | 18 +++++++++++++++++-
 lib/libc/string/explicit_bzero.c | 22 ++++++++++++++++++++++
 4 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 lib/libc/string/explicit_bzero.c
(limited to 'lib/libc')
diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc
index 731f4fc..04f6376 100644
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@@ -6,7 +6,8 @@
 CFLAGS+= -I${LIBC_SRCTOP}/locale
 # machine-independent string sources
-MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
+MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \
+ ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
 memccpy.c memchr.c memrchr.c memcmp.c \
 memcpy.c memmem.c memmove.c memset.c \
 stpcpy.c stpncpy.c strcasecmp.c \
diff --git a/lib/libc/string/Symbol.map b/lib/libc/string/Symbol.map
index 8e80165..5961092 100644
--- a/lib/libc/string/Symbol.map
+++ b/lib/libc/string/Symbol.map
@@ -100,6 +100,10 @@ FBSD_1.3 {
 wcwidth_l;
 };
+FBSD_1.4 {
+ explicit_bzero;
+};
+
 FBSDprivate_1.0 {
 __strtok_r;
 };
diff --git a/lib/libc/string/bzero.3 b/lib/libc/string/bzero.3
index 029644a..ea572be 100644
--- a/lib/libc/string/bzero.3
+++ b/lib/libc/string/bzero.3
@@ -35,7 +35,8 @@
 .Dt BZERO 3
 .Os
 .Sh NAME
-.Nm bzero
+.Nm bzero ,
+.Nm explicit_bzero
 .Nd write zeroes to a byte string
 .Sh LIBRARY
 .Lb libc
@@ -43,6 +44,8 @@
 .In strings.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
+.Ft void
+.Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@@ -56,6 +59,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory such as a
+password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@@ -72,3 +81,10 @@ before it was moved to
 for
 .St -p1003.1-2001
 compliance.
+.Pp
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5
+and
+.Fx 11.0 .
diff --git a/lib/libc/string/explicit_bzero.c b/lib/libc/string/explicit_bzero.c
new file mode 100644
index 0000000..a7811b0
--- /dev/null
+++ b/lib/libc/string/explicit_bzero.c
@@ -0,0 +1,22 @@
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#include
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+ memset(buf, 0, len);
+ __explicit_bzero_hook(buf, len);
+}
-- cgit v1.1
From 7ec118515fb7f893e4b294080d17207ab8351908 Mon Sep 17 00:00:00 2001
From: delphij
Date: Tue, 7 Oct 2014 04:59:11 +0000
Subject: Add MLINK for explicit_bzero(3) and bump .Dd date.
MFC after: 2 weeks
---
 lib/libc/string/Makefile.inc | 1 +
 lib/libc/string/bzero.3 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib/libc')
diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc
index 04f6376..385837c 100644
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@@ -36,6 +36,7 @@ MAN+= bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 index.3 memccpy.3 memchr.3 \
 strspn.3 strstr.3 strtok.3 strxfrm.3 swab.3 wcscoll.3 wcstok.3 \
 wcswidth.3 wcsxfrm.3 wmemchr.3
+MLINKS+=bzero.3 explicit_bzero.3
 MLINKS+=ffs.3 ffsl.3 \
 ffs.3 ffsll.3 \
 ffs.3 fls.3 \
diff --git a/lib/libc/string/bzero.3 b/lib/libc/string/bzero.3
index ea572be..5af1bcf 100644
--- a/lib/libc/string/bzero.3
+++ b/lib/libc/string/bzero.3
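Review bot: In lib/libc/string/explicit_bzero.c the empty weak `__explicit_bzero_hook` carries the whole guarantee and nothing in the file says so: the call that follows `memset(buf, 0, len)` is what keeps the compiler from discarding the store as dead, since a weak definition can be replaced at link time and so cannot be assumed to do nothing. I would add a comment above the hook, `/* Weak and empty on purpose: calling it after memset() keeps the clear from being removed as a dead store; do not make it static or inline. */`, so a later cleanup does not delete it. The Symbol.map hunk in this commit adds only `explicit_bzero`, so if the hook is meant to be overridden from outside libc (by a regression test, for instance) it presumably needs an export entry of its own. Builds that use link-time optimization are worth checking by inspecting the generated code for `explicit_bzero`, because that is where a barrier of this kind is most likely to be seen through.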
@@ -31,7 +31,7 @@
 .\" @(#)bzero.3 8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd June 4, 1993
+.Dd October 6, 2014
 .Dt BZERO 3
 .Os
 .Sh NAME
-- cgit v1.1
From 19b981bc1304f22a4e8b3b97f98e6df5fefca782 Mon Sep 17 00:00:00 2001
From: ache
Date: Tue, 7 Oct 2014 06:02:08 +0000
Subject: Back out timegm error check from r272562. POSIX treats negative time_t as undefined (i.e. may be valid too, depends on system's policy we don't have) and we don't set EOVERFLOW in mktime/timegm as POSIX requires to surely distinguish -1 return as valid negative time from -1 as error return.
---
 lib/libc/stdtime/strptime.c | 2 --
 1 file changed, 2 deletions(-)
(limited to 'lib/libc')
diff --git a/lib/libc/stdtime/strptime.c b/lib/libc/stdtime/strptime.c
index 55c9960..e942e04 100644
--- a/lib/libc/stdtime/strptime.c
+++ b/lib/libc/stdtime/strptime.c
@@ -676,8 +676,6 @@ strptime_l(const char * __restrict buf, const char * __restrict fmt,
 if (ret && gmt) {
 time_t t = timegm(tm);
- if (t == -1)
- return (NULL);
 localtime_r(&t, tm);
 }
-- cgit v1.1
From cdbe7846a912f2650f947b9b11644306f2c31de3 Mon Sep 17 00:00:00 2001
From: ache
Date: Tue, 7 Oct 2014 06:34:05 +0000
Subject: 1) Fix the case we have less arguments for format string than we expected. 2) Return error on unsupported format specs. (both according to POSIX)
PR: 93197
---
 lib/libc/stdtime/strptime.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'lib/libc')
diff --git a/lib/libc/stdtime/strptime.c b/lib/libc/stdtime/strptime.c
index e942e04..2be6358 100644
--- a/lib/libc/stdtime/strptime.c
+++ b/lib/libc/stdtime/strptime.c
@@ -103,9 +103,6 @@ _strptime(const char *buf, const char *fmt, struct tm *tm, int *GMTp,
 ptr = fmt;
 while (*ptr != 0) {
- if (*buf == 0)
- break;
-
 c = *ptr++;
 if (c != '%') {
@@ -123,7 +120,6 @@ _strptime(const char *buf, const char *fmt, struct tm *tm, int *GMTp,
 label:
 c = *ptr++;
 switch (c) {
- case 0:
 case '%':
 if (*buf++ != '%')
 return (NULL);
@@ -600,6 +596,9 @@ label:
 while (isspace_l((unsigned char)*buf, locale))
 buf++;
 break;
+
+ default:
+ return (NULL);
 }
 }
-- cgit v1.1
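Review bot: The new `default:` arm is also what now handles a format that ends in a lone `%`, and the code does not say so: with `case 0:` removed in the hunk at -123, the NUL read by `c = *ptr++` lands here and the function returns before `ptr`, already past the terminator, is dereferenced again. A comment such as `/* unsupported conversion, or '%' at end of format */` would keep anyone from restoring `case 0`. The same commit drops the `if (*buf == 0) break;` guard at the top of the loop (hunk at -103), so every conversion arm now has to stop at the end of the input on its own; those arms are outside the visible hunks, so I cannot confirm that they all do. A regression test that feeds an input shorter than its format, once per conversion, would cover that. The switch body starts and ends outside this hunk.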