X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fxalloc.h;h=2b217e8bdd34eaa89b93e04d9e8df60b5ea7ef53;hb=c6a15e27d934e90a1f3a26438dddb395bdc9de19;hp=da74ce1fca201869965ef31b4f674a6f39cade83;hpb=373b0c12d9d0e8a3b449fd18be704e28dd6403e1;p=tinc diff --git a/src/xalloc.h b/src/xalloc.h index da74ce1f..2b217e8b 100644 --- a/src/xalloc.h +++ b/src/xalloc.h @@ -23,7 +23,9 @@ #include "system.h" -static inline void *xmalloc(size_t n) __attribute__((__malloc__)); +#include + +static inline void *xmalloc(size_t n) ATTR_MALLOC; static inline void *xmalloc(size_t n) { void *p = malloc(n); @@ -34,7 +36,7 @@ static inline void *xmalloc(size_t n) { return p; } -static inline void *xzalloc(size_t n) __attribute__((__malloc__)); +static inline void *xzalloc(size_t n) ATTR_MALLOC; static inline void *xzalloc(size_t n) { void *p = calloc(1, n); @@ -55,7 +57,7 @@ static inline void *xrealloc(void *p, size_t n) { return p; } -static inline char *xstrdup(const char *s) __attribute__((__malloc__)) __attribute((__nonnull__)); +static inline char *xstrdup(const char *s) ATTR_MALLOC ATTR_NONNULL; static inline char *xstrdup(const char *s) { char *p = strdup(s); @@ -66,6 +68,7 @@ static inline char *xstrdup(const char *s) { return p; } +static inline int xvasprintf(char **strp, const char *fmt, va_list ap) ATTR_FORMAT(printf, 2, 0); static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { #ifdef HAVE_WINDOWS char buf[1024]; @@ -87,7 +90,7 @@ static inline int xvasprintf(char **strp, const char *fmt, va_list ap) { return result; } -static inline int xasprintf(char **strp, const char *fmt, ...) __attribute__((__format__(printf, 2, 3))); +static inline int xasprintf(char **strp, const char *fmt, ...) ATTR_FORMAT(printf, 2, 3); static inline int xasprintf(char **strp, const char *fmt, ...) { va_list ap; va_start(ap, fmt); @@ -96,4 +99,51 @@ static inline int xasprintf(char **strp, const char *fmt, ...) { return result; } +// Zero out a block of memory containing sensitive information using whatever secure +// erase function is available on the platform (or an unreliable fallback if none are). +// The pointer must not be NULL. Length can be zero, in which case the call is a noop. +static inline void memzero(void *buf, size_t buflen) ATTR_NONNULL; +static inline void memzero(void *buf, size_t buflen) { + assert(buf); + + if(!buflen) { + return; + } + +#if defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buf, buflen); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(buf, 0, buflen); +#elif defined(HAVE_MEMSET_S) + errno_t err = memset_s(buf, buflen, 0, buflen); + assert(err == 0); +#elif defined(HAVE_WINDOWS) + SecureZeroMemory(buf, buflen); +#else + volatile uint8_t *p = buf; + + while(buflen--) { + *p++ = 0; + } + #endif +} + +// Zero out a buffer of size `len` located at `ptr` and free() it. +// Does nothing if called on NULL. +static inline void xzfree(void *ptr, size_t len) { + if(ptr) { + memzero(ptr, len); + free(ptr); + } +} + +// Zero out a NULL-terminated string using memzero() and then free it. +// Does nothing if called on NULL. +static inline void free_string(char *str) { + if(str) { + xzfree(str, strlen(str)); + } +} + +#endif // TINC_XALLOC_H