putty-source/utils/smemclr.c

/*
 * Securely wipe memory.
 *
 * The actual wiping is no different from what memset would do: the
 * point of 'securely' is to try to be sure over-clever compilers
 * won't optimise away memsets on variables that are about to be freed
 * or go out of scope. See
 * https://buildsecurityin.us-cert.gov/bsi-rules/home/g1/771-BSI.html
 *
 * Some platforms (e.g. Windows) may provide their own version of this
 * function.
 */

#include "defs.h"
#include "misc.h"

void smemclr(void *b, size_t n)
{
    volatile char *vp;

    if (b && n > 0) {
        /*
         * Zero out the memory.
         */
        memset(b, 0, n);

        /*
         * Perform a volatile access to the object, forcing the
         * compiler to admit that the previous memset was important.
         *
         * This while loop should in practice run for zero iterations
         * (since we know we just zeroed the object out), but in
         * theory (as far as the compiler knows) it might range over
         * the whole object. (If we had just written, say, '*vp =
         * *vp;', a compiler could in principle have 'helpfully'
         * optimised the memset into only zeroing out the first byte.
         * This should be robust.)
         */
        vp = b;
        while (*vp) vp++;
    }
}
New library-style 'utils' subdirectories. Now that the new CMake build system is encouraging us to lay out the code like a set of libraries, it seems like a good idea to make them look more _like_ libraries, by putting things into separate modules as far as possible. This fixes several previous annoyances in which you had to link against some object in order to get a function you needed, but that object also contained other functions you didn't need which included link-time symbol references you didn't want to have to deal with. The usual offender was subsidiary supporting programs including misc.c for some innocuous function and then finding they had to deal with the requirements of buildinfo(). This big reorganisation introduces three new subdirectories called 'utils', one at the top level and one in each platform subdir. In each case, the directory contains basically the same files that were previously placed in the 'utils' build-time library, except that the ones that were extremely miscellaneous (misc.c, utils.c, uxmisc.c, winmisc.c, winmiscs.c, winutils.c) have been split up into much smaller pieces. 2021-04-17 14:22:20 +00:00			`/*`
			`* Securely wipe memory.`
			`*`
			`* The actual wiping is no different from what memset would do: the`
			`* point of 'securely' is to try to be sure over-clever compilers`
			`* won't optimise away memsets on variables that are about to be freed`
			`* or go out of scope. See`
			`* https://buildsecurityin.us-cert.gov/bsi-rules/home/g1/771-BSI.html`
			`*`
			`* Some platforms (e.g. Windows) may provide their own version of this`
			`* function.`
			`*/`

			`#include "defs.h"`
			`#include "misc.h"`

			`void smemclr(void *b, size_t n)`
			`{`
			`volatile char *vp;`

			`if (b && n > 0) {`
			`/*`
			`* Zero out the memory.`
			`*/`
			`memset(b, 0, n);`

			`/*`
			`* Perform a volatile access to the object, forcing the`
			`* compiler to admit that the previous memset was important.`
			`*`
			`* This while loop should in practice run for zero iterations`
			`* (since we know we just zeroed the object out), but in`
			`* theory (as far as the compiler knows) it might range over`
			`* the whole object. (If we had just written, say, '*vp =`
			`* *vp;', a compiler could in principle have 'helpfully'`
			`* optimised the memset into only zeroing out the first byte.`
			`* This should be robust.)`
			`*/`
			`vp = b;`
			`while (*vp) vp++;`
			`}`
			`}`