#include "system.h"
+#include <assert.h>
+
static inline void *xmalloc(size_t n) ATTR_MALLOC;
static inline void *xmalloc(size_t n) {
void *p = malloc(n);
return p;
}
+static inline int xvasprintf(char **strp, const char *fmt, va_list ap) ATTR_FORMAT(printf, 2, 0);
static inline int xvasprintf(char **strp, const char *fmt, va_list ap) {
#ifdef HAVE_WINDOWS
char buf[1024];
return result;
}
+// Zero out a block of memory containing sensitive information using whatever secure
+// erase function is available on the platform (or an unreliable fallback if none are).
+// The pointer must not be NULL. Length can be zero, in which case the call is a noop.
+static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL;
+static inline void memzero(void *buf, size_t buflen) {
+ assert(buf);
+
+ if(!buflen) {
+ return;
+ }
+
+#if defined(HAVE_EXPLICIT_BZERO)
+ explicit_bzero(buf, buflen);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+ explicit_memset(buf, 0, buflen);
+#elif defined(HAVE_MEMSET_S)
+ errno_t err = memset_s(buf, buflen, 0, buflen);
+ assert(err == 0);
+#elif defined(HAVE_WINDOWS)
+ SecureZeroMemory(buf, buflen);
+#else
+ volatile uint8_t *p = buf;
+
+ while(buflen--) {
+ *p++ = 0;
+ }
+
#endif
+}
+
+// Zero out a buffer of size `len` located at `ptr` and free() it.
+// Does nothing if called on NULL.
+static inline void xzfree(void *ptr, size_t len) {
+ if(ptr) {
+ memzero(ptr, len);
+ free(ptr);
+ }
+}
+
+// Zero out a NULL-terminated string using memzero() and then free it.
+// Does nothing if called on NULL.
+static inline void free_string(char *str) {
+ if(str) {
+ xzfree(str, strlen(str));
+ }
+}
+
+#endif // TINC_XALLOC_H