path: root/src/basic
diff options
authorZbigniew Jędrzejewski-Szmek <>2017-02-05 20:05:27 -0500
committerSven Eden <>2017-07-17 17:58:36 +0200
commit9270bff168ecc98d1761a32ca28b1f3906b093f2 (patch)
tree7e06883e6f9701c7b192689b6adedd4632855c49 /src/basic
parent85df5c16a4d10d955b204d9296827e108c0216a0 (diff)
treewide: replace homegrown memory_erase with explicit_bzero
explicit_bzero was added in glibc 2.25. Make use of it. explicit_bzero is hardcoded to zero the memory, so string erase now truncates the string, instead of overwriting it with 'x'. This causes a visible difference only in the journalctl case.
Diffstat (limited to 'src/basic')
2 files changed, 10 insertions, 6 deletions
diff --git a/src/basic/string-util.c b/src/basic/string-util.c
index b906b581c..9b060a9a2 100644
--- a/src/basic/string-util.c
+++ b/src/basic/string-util.c
@@ -825,6 +825,7 @@ int free_and_strdup(char **p, const char *s) {
return 1;
* Pointer to memset is volatile so that compiler must de-reference
* the pointer and can't assume that it points to any function in
@@ -835,19 +836,19 @@ typedef void *(*memset_t)(void *,int,size_t);
static volatile memset_t memset_func = memset;
-void* memory_erase(void *p, size_t l) {
- return memset_func(p, 'x', l);
+void explicit_bzero(void *p, size_t l) {
+ memset_func(p, '\0', l);
char* string_erase(char *x) {
if (!x)
return NULL;
/* A delicious drop of snake-oil! To be called on memory where
* we stored passphrases or so, after we used them. */
- return memory_erase(x, strlen(x));
+ explicit_bzero(x, strlen(x));
+ return x;
char *string_free_erase(char *s) {
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index 668b63907..38c7c1009 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -197,7 +197,10 @@ static inline void *memmem_safe(const void *haystack, size_t haystacklen, const
return memmem(haystack, haystacklen, needle, needlelen);
-void* memory_erase(void *p, size_t l);
+void explicit_bzero(void *p, size_t l);
char *string_erase(char *x);
char *string_free_erase(char *s);