nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-06-30 19:12:48 -05:00
Code Issues Projects Releases Wiki Activity

Adopt a new universal implementation of smemclr().

Browse Source 
This new implementation uses the same optimisation-barrier technique
that I used in various places in testsc: have a no-op function, and a
volatile function pointer pointing at it, and then call through the
function pointer, so that nothing actually happens (apart from the
physical call and return) but the compiler has to assume that
_anything_ might have happened.

Doing this just after a memset enforces that the compiler can't have
thrown away the memset, because the called function might (for
example) check that all the memory really is zero and abort if not.

I've been turning this over in my mind ever since coming up with the
technique for testsc. I think it's far more robust than the previous
smemclr technique: so much so that I'm switching to using it
_everywhere_, and no longer using platform alternatives like Windows's
SecureZeroMemory().
This commit is contained in:
Simon Tatham
2021-04-17 17:59:43 +01:00
parent 5bb24a7edd
commit 395c228bee
7 changed files with 28 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
defs.h
View File

@ -201,32 +201,4 @@ typedef struct PacketProtocolLayer PacketProtocolLayer;
#define NORETURN
#endif
/* ----------------------------------------------------------------------
* Platform-specific definitions.
*
* Most of these live in the per-platform header files, of which
* puttyps.h selects the appropriate one. But some of the sources
* (particularly standalone test applications) would prefer not to
* have to include a per-platform header at all, because that makes it
* more portable to platforms not supported by the code base as a
* whole (for example, compiling purely computational parts of the
* code for specialist platforms for test and analysis purposes). So
* any definition that has to affect even _those_ modules will have to
* go here, with the key constraint being that this code has to come
* to _some_ decision even if the compilation platform is not a
* recognised one at all.
*/
/* Purely computational code uses smemclr(), so we have to make the
* decision here about whether that's provided by utils.c or by a
* platform implementation. We define PLATFORM_HAS_SMEMCLR to suppress
* utils.c's definition. */
#ifdef _WINDOWS
/* Windows provides the API function 'SecureZeroMemory', which we use
* unless the user has told us not to by defining NO_SECUREZEROMEMORY. */
#ifndef NO_SECUREZEROMEMORY
#define PLATFORM_HAS_SMEMCLR
#endif
#endif
#endif /* PUTTY_DEFS_H */