From owner-svn-src-all@freebsd.org Wed Jun 27 21:22:49 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 467391012697; Wed, 27 Jun 2018 21:22:49 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EF7D974366; Wed, 27 Jun 2018 21:22:48 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D0A18879; Wed, 27 Jun 2018 21:22:48 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5RLMm3i011248; Wed, 27 Jun 2018 21:22:48 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5RLMmu7011247; Wed, 27 Jun 2018 21:22:48 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201806272122.w5RLMmu7011247@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Wed, 27 Jun 2018 21:22:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r335745 - stable/11/sys/kern X-SVN-Group: stable-11 X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: stable/11/sys/kern X-SVN-Commit-Revision: 335745 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2018 21:22:49 -0000 Author: kevans Date: Wed Jun 27 21:22:48 2018 New Revision: 335745 URL: https://svnweb.freebsd.org/changeset/base/335745 Log: MFC r332395 (ian): Use explicit_bzero() when cleaning values out of the kenv Sometimes the values contain geli passphrases being communicated from loader(8) to the kernel, and some day the compiler may decide to start eliding calls to memset() for a pointer which is not dereferenced again before being passed to free(). Modified: stable/11/sys/kern/kern_environment.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/kern/kern_environment.c ============================================================================== --- stable/11/sys/kern/kern_environment.c Wed Jun 27 21:22:00 2018 (r335744) +++ stable/11/sys/kern/kern_environment.c Wed Jun 27 21:22:48 2018 (r335745) @@ -288,7 +288,7 @@ init_dynamic_kenv(void *data __unused) if (i < KENV_SIZE) { kenvp[i] = malloc(len, M_KENV, M_WAITOK); strcpy(kenvp[i++], cp); - memset(cp, 0, strlen(cp)); + explicit_bzero(cp, strlen(cp)); } else printf( "WARNING: too many kenv strings, ignoring %s\n", @@ -307,7 +307,7 @@ freeenv(char *env) { if (dynamic_kenv && env != NULL) { - memset(env, 0, strlen(env)); + explicit_bzero(env, strlen(env)); free(env, M_KENV); } } @@ -485,7 +485,7 @@ kern_unsetenv(const char *name) kenvp[i++] = kenvp[j]; kenvp[i] = NULL; mtx_unlock(&kenv_lock); - memset(oldenv, 0, strlen(oldenv)); + explicit_bzero(oldenv, strlen(oldenv)); free(oldenv, M_KENV); return (0); }