libbsd: Branch 'master' - 2 commits

Wed Sep 23 20:49:04 PDT 2015

include/bsd/string.h |    2 +
 man/Makefile.am      |    1 
 man/explicit_bzero.3 |   72 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/Makefile.am      |    1 
 src/closefrom.c      |    7 +++-
 src/explicit_bzero.c |   19 +++++++++++++
 src/libbsd.map       |    4 ++
 test/.gitignore      |    1 
 test/Makefile.am     |    1 
 test/bzero.c         |   47 +++++++++++++++++++++++++++++++++
 10 files changed, 153 insertions(+), 2 deletions(-)

New commits:
commit 45443583df0ece8523f6b9038e305fa6c01b63f7
Author: Guillem Jover <guillem at hadrons.org>
Date:   Wed Sep 23 19:37:37 2015 +0200

    Add explicit_bzero() function from OpenBSD

diff --git a/include/bsd/string.h b/include/bsd/string.h
index a2d54b3..ee2f953 100644
--- a/include/bsd/string.h
+++ b/include/bsd/string.h
@@ -41,6 +41,8 @@ size_t strlcpy(char *dst, const char *src, size_t siz);
 size_t strlcat(char *dst, const char *src, size_t siz);
 char *strnstr(const char *str, const char *find, size_t str_len);
 void strmode(mode_t mode, char *str);
+
+void explicit_bzero(void *buf, size_t len);
 __END_DECLS
 
 #endif
diff --git a/man/Makefile.am b/man/Makefile.am
index 1456ef7..f3bcd50 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -23,6 +23,7 @@ dist_man_MANS = \
 	closefrom.3 \
 	dehumanize_number.3 \
 	expand_number.3 \
+	explicit_bzero.3 \
 	fgetln.3 \
 	fgetwln.3 \
 	flopen.3 \
diff --git a/man/explicit_bzero.3 b/man/explicit_bzero.3
new file mode 100644
index 0000000..2bed62a
--- /dev/null
+++ b/man/explicit_bzero.3
@@ -0,0 +1,72 @@
+.\" Copyright (c) 1990, 1991 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" Chris Torek.
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	$OpenBSD: bzero.3,v 1.10 2014/01/22 21:06:45 tedu Exp $
+.\"
+.Dd $Mdocdate: January 22 2014 $
+.Dt BZERO 3
+.Os
+.Sh NAME
+.Nm explicit_bzero
+.Nd write zeroes to a byte string
+.Sh LIBRARY
+.ds str-Lb-libbsd Utility functions from BSD systems (libbsd, \-lbsd)
+.Lb libbsd
+.Sh SYNOPSIS
+.In bsd/string.h
+.Ft void
+.Fn explicit_bzero "void *buf" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn explicit_bzero
+function writes
+.Fa len
+zero bytes to the string
+.Fa buf .
+If
+.Fa len
+is zero,
+.Fn explicit_bzero
+does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same as the
+.Fn bzero
+function, but will not be removed by a compiler's dead store optimization
+pass, making it useful for clearing sensitive memory such as a password.
+.Sh SEE ALSO
+.Xr bzero 3 ,
+.Xr memset 3 ,
+.Xr swab 3
+.Sh HISTORY
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5 .
diff --git a/src/Makefile.am b/src/Makefile.am
index de1fe34..1cb04f9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -50,6 +50,7 @@ libbsd_la_SOURCES = \
 	dehumanize_number.c \
 	err.c \
 	expand_number.c \
+	explicit_bzero.c \
 	fgetln.c \
 	fgetwln.c \
 	flopen.c \
diff --git a/src/explicit_bzero.c b/src/explicit_bzero.c
new file mode 100644
index 0000000..3e33ca8
--- /dev/null
+++ b/src/explicit_bzero.c
@@ -0,0 +1,19 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}
diff --git a/src/libbsd.map b/src/libbsd.map
index 29e84fd..2b9a3db 100644
--- a/src/libbsd.map
+++ b/src/libbsd.map
@@ -132,3 +132,7 @@ LIBBSD_0.7 {
     _time_to_int;
     _int_to_time;
 } LIBBSD_0.6;
+
+LIBBSD_0.8 {
+    explicit_bzero;
+} LIBBSD_0.7;
diff --git a/test/.gitignore b/test/.gitignore
index e80dcb5..375be31 100644
--- a/test/.gitignore
+++ b/test/.gitignore
@@ -1,3 +1,4 @@
+bzero
 closefrom
 endian
 fgetln
diff --git a/test/Makefile.am b/test/Makefile.am
index 6d675e3..2576eeb 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -12,6 +12,7 @@ LDADD = $(top_builddir)/src/libbsd.la
 check_PROGRAMS = \
 	headers \
 	overlay \
+	bzero \
 	closefrom \
 	endian \
 	humanize \
diff --git a/test/bzero.c b/test/bzero.c
new file mode 100644
index 0000000..227b163
--- /dev/null
+++ b/test/bzero.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright © 2015 Guillem Jover <guillem at hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <string.h>
+
+int
+main()
+{
+	unsigned char array[40];
+	size_t i;
+
+	memset(array, 0x3e, sizeof(array));
+
+	explicit_bzero(array, 0);
+	for (i = 0; i < sizeof(array); i++)
+		assert(array[i] == 0x3e);
+
+	explicit_bzero(array, sizeof(array));
+	for (i = 0; i < sizeof(array); i++)
+		assert(array[i] == 0);
+
+	return 0;
+}
commit 8641d8aed711f74179915fe2fde89c9969ff7de4
Author: Guillem Jover <guillem at hadrons.org>
Date:   Thu Sep 24 04:01:11 2015 +0200

    Make closefrom_procfs() fail when reallocarray() fails

diff --git a/src/closefrom.c b/src/closefrom.c
index b6d9834..c2922e7 100644
--- a/src/closefrom.c
+++ b/src/closefrom.c
@@ -132,6 +132,7 @@ closefrom_procfs(int lowfd)
 	int *fd_array = NULL;
 	int fd_array_used = 0;
 	int fd_array_size = 0;
+	int ret = 0;
 	int i;
 
 	/* Use /proc/self/fd (or /dev/fd on FreeBSD) if it exists. */
@@ -161,8 +162,10 @@ closefrom_procfs(int lowfd)
 				fd_array_size = 32;
 
 			ptr = reallocarray(fd_array, fd_array_size, sizeof(int));
-			if (ptr == NULL)
+			if (ptr == NULL) {
+				ret = -1;
 				break;
+			}
 			fd_array = ptr;
 		}
 
@@ -175,7 +178,7 @@ closefrom_procfs(int lowfd)
 	free(fd_array);
 	(void)closedir(dirp);
 
-	return 0;
+	return ret;
 }
 
 void
