Use explicit_bzero() when cleaning values out of the kernel environment.

Sometimes the values contain geli passphrases being communicated from loader(8) to the kernel, and some day the compiler may decide to start eliding calls to memset() for a pointer which is not dereferenced again before being passed to free().
svn path=/head/; revision=332395
2018-04-10 22:57:56 +00:00 · 2018-04-10 22:57:56 +00:00 · 97603f1da2 · 2020-12-20 02:59:44 +00:00
commit 97603f1da2
parent 04457342a3
1 changed files with 3 additions and 3 deletions
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@ -289,7 +289,7 @@ init_dynamic_kenv(void *data __unused)
 			if (i < KENV_SIZE) {
 				kenvp[i] = malloc(len, M_KENV, M_WAITOK);
 				strcpy(kenvp[i++], cp);
-				memset(cp, 0, strlen(cp));
+				explicit_bzero(cp, strlen(cp));
 			} else
 				printf(
 				"WARNING: too many kenv strings, ignoring %s\n",
@ -308,7 +308,7 @@ freeenv(char *env)
 {

 	if (dynamic_kenv && env != NULL) {
-		memset(env, 0, strlen(env));
+		explicit_bzero(env, strlen(env));
 		free(env, M_KENV);
 	}
 }
@ -486,7 +486,7 @@ kern_unsetenv(const char *name)
 			kenvp[i++] = kenvp[j];
 		kenvp[i] = NULL;
 		mtx_unlock(&kenv_lock);
-		memset(oldenv, 0, strlen(oldenv));
+		explicit_bzero(oldenv, strlen(oldenv));
 		free(oldenv, M_KENV);
 		return (0);
 	}