Use bzero(3) instead of its pattern
It was blessed by POSIX.1-2001, and GCC says that it won't go away, possibly ever. memset(3) is dangerous, as the 2nd and 3rd arguments can be accidentally swapped --who remembers what's the order of the 2nd and 3rd parameters to memset(3) without checking the manual page or some code that uses it?--. Some recent compilers may be able to catch that via some warnings, but those are not infalible. And even if compiler warnings could always catch that, the time lost in fixing or checking the docs is lost for no clear gain. Having a sane API that is unambiguous is the Right Thing (tm); and that API is bzero(3). If someone doesn't believe memset(3) is error-prone, please read the book "Unix Network Programming", Volume 1, 3rd Edition by Stevens, et al., Section 1.2. See a stackoverflow reference in the link below[1]. bzero(3) had a bad fame in the bad old days, because some ancient systems (I'm talking of many decades ago) shipped a broken version of bzero(3). We can assume that all systems in which current shadow utils can be built, have a working version of bzero(3) --if not, please fix your broken system; don't blame the programmer--. One reason that some use today to avoid bzero(3) in favor of memset(3) is that memset(3) is more often used; but that's a circular reasoning. Even if bzero(3) wasn't supported by the system, it would need to be invented. It's the right API. Another reason that some argue is that POSIX.1-2008 removed the specification of bzero(3). That's not a problem, because GCC will probably support it forever, and even if it didn't, we can redefine it like we do with memzero(). bzero(3) is just a one-liner wrapper around memset(3). Link: [1] <https://stackoverflow.com/a/17097978> Cc: Christian Göttsche <cgzones@googlemail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
committed by
Iker Pedrosa
Iker Pedrosa
parent
624bacfbd8
commit
e7a292ed4f
@@ -11,6 +11,7 @@
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <strings.h>
|
||||
|
||||
#include "alloc.h"
|
||||
#include "prototypes.h"
|
||||
@@ -176,7 +177,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
|
||||
}
|
||||
|
||||
/* Lockdown new{g,u}idmap by dropping all unneeded capabilities. */
|
||||
memset(data, 0, sizeof(data));
|
||||
bzero(data, sizeof(data));
|
||||
data[0].effective = CAP_TO_MASK(cap);
|
||||
/*
|
||||
* When uid 0 from the ancestor userns is supposed to be mapped into
|
||||
|
||||
@@ -33,7 +33,7 @@ memzero(void *ptr, size_t size)
|
||||
#elif defined(HAVE_EXPLICIT_BZERO)
|
||||
explicit_bzero(ptr, size);
|
||||
#else
|
||||
memset(ptr, '\0', size);
|
||||
bzero(ptr, size);
|
||||
__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -13,6 +13,8 @@
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <strings.h>
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "alloc.h"
|
||||
@@ -94,8 +96,8 @@ static int ni_conv (int num_msg,
|
||||
failed_conversation:
|
||||
for (count=0; count < num_msg; count++) {
|
||||
if (NULL != responses[count].resp) {
|
||||
memset (responses[count].resp, 0,
|
||||
strlen (responses[count].resp));
|
||||
bzero(responses[count].resp,
|
||||
strlen(responses[count].resp));
|
||||
free (responses[count].resp);
|
||||
responses[count].resp = NULL;
|
||||
}
|
||||
|
||||
10
lib/salt.c
10
lib/salt.c
@@ -20,6 +20,8 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <strings.h>
|
||||
|
||||
#include "prototypes.h"
|
||||
#include "defines.h"
|
||||
#include "getdef.h"
|
||||
@@ -319,7 +321,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
|
||||
{
|
||||
static char salt[MAX_SALT_SIZE + 6];
|
||||
|
||||
memset (salt, '\0', MAX_SALT_SIZE + 6);
|
||||
bzero(salt, MAX_SALT_SIZE + 6);
|
||||
|
||||
assert (salt_size >= MIN_SALT_SIZE &&
|
||||
salt_size <= MAX_SALT_SIZE);
|
||||
@@ -358,7 +360,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
|
||||
const char *method;
|
||||
unsigned long rounds = 0;
|
||||
|
||||
memset (result, '\0', GENSALT_SETTING_SIZE);
|
||||
bzero(result, GENSALT_SETTING_SIZE);
|
||||
|
||||
if (NULL != meth)
|
||||
method = meth;
|
||||
@@ -406,7 +408,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
|
||||
method);
|
||||
salt_len = MAX_SALT_SIZE;
|
||||
rounds = 0;
|
||||
memset (result, '\0', GENSALT_SETTING_SIZE);
|
||||
bzero(result, GENSALT_SETTING_SIZE);
|
||||
}
|
||||
|
||||
#if USE_XCRYPT_GENSALT
|
||||
@@ -418,7 +420,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
|
||||
/* Avoid -Wunused-but-set-variable. */
|
||||
salt_len = GENSALT_SETTING_SIZE - 1;
|
||||
rounds = 0;
|
||||
memset (result, '.', salt_len);
|
||||
memset(result, '.', salt_len);
|
||||
result[salt_len] = '\0';
|
||||
}
|
||||
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <grp.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <strings.h>
|
||||
#include <sys/types.h>
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
@@ -229,7 +230,7 @@ static void grp_update (void)
|
||||
* shadowed password, we force the creation of a
|
||||
* gshadow entry when a new password is requested.
|
||||
*/
|
||||
memset (&sgrp, 0, sizeof sgrp);
|
||||
bzero(&sgrp, sizeof sgrp);
|
||||
sgrp.sg_name = xstrdup (grp.gr_name);
|
||||
sgrp.sg_passwd = xstrdup (grp.gr_passwd);
|
||||
sgrp.sg_adm = ∅
|
||||
|
||||
@@ -21,9 +21,11 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <strings.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <getopt.h>
|
||||
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#include "prototypes.h"
|
||||
@@ -198,7 +200,7 @@ int main (int argc, char **argv)
|
||||
static char *empty = 0;
|
||||
|
||||
/* add new shadow group entry */
|
||||
memset (&sgent, 0, sizeof sgent);
|
||||
bzero(&sgent, sizeof sgent);
|
||||
sgent.sg_name = gr->gr_name;
|
||||
sgent.sg_passwd = gr->gr_passwd;
|
||||
sgent.sg_adm = ∅
|
||||
|
||||
@@ -40,9 +40,11 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <strings.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <getopt.h>
|
||||
|
||||
#include "defines.h"
|
||||
#include "getdef.h"
|
||||
#include "prototypes.h"
|
||||
@@ -237,7 +239,7 @@ int main (int argc, char **argv)
|
||||
spent = *sp;
|
||||
} else {
|
||||
/* add new shadow entry */
|
||||
memset (&spent, 0, sizeof spent);
|
||||
bzero(&spent, sizeof spent);
|
||||
spent.sp_namp = pw->pw_name;
|
||||
spent.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
|
||||
spent.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
|
||||
|
||||
@@ -27,6 +27,7 @@
|
||||
#endif /* USE_PAM */
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
#include <stdio.h>
|
||||
#include <strings.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <time.h>
|
||||
@@ -1737,7 +1738,7 @@ static void usr_update (void)
|
||||
* a shadowed password
|
||||
* + aging information is requested
|
||||
*/
|
||||
memset (&spent, 0, sizeof spent);
|
||||
bzero(&spent, sizeof spent);
|
||||
spent.sp_namp = user_name;
|
||||
|
||||
/* The user explicitly asked for a shadow feature.
|
||||
|
||||
Reference in New Issue
Block a user