From 97603f1da2753533e57878ec8911639ac82bcc0e Mon Sep 17 00:00:00 2001
From: Ian Lepore
Date: Tue, 10 Apr 2018 22:57:56 +0000
Subject: [PATCH] Use explicit_bzero() when cleaning values out of the kernel environment.

Sometimes the values contain geli passphrases being communicated from loader(8) to the kernel, and some day the compiler may decide to start eliding calls to memset() for a pointer which is not dereferenced again before being passed to free().
---
 sys/kern/kern_environment.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c
index 3d8cc0aa6b8d..eb5da72d9f44 100644
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@@ -289,7 +289,7 @@ init_dynamic_kenv(void *data __unused)
 if (i < KENV_SIZE) {
 kenvp[i] = malloc(len, M_KENV, M_WAITOK);
 strcpy(kenvp[i++], cp);
- memset(cp, 0, strlen(cp));
+ explicit_bzero(cp, strlen(cp));
 } else
 printf(
 "WARNING: too many kenv strings, ignoring %s\n",
@@ -308,7 +308,7 @@ freeenv(char *env)
 {
 
 if (dynamic_kenv && env != NULL) {
- memset(env, 0, strlen(env));
+ explicit_bzero(env, strlen(env));
 free(env, M_KENV);
 }
 }
@@ -486,7 +486,7 @@ kern_unsetenv(const char *name)
 kenvp[i++] = kenvp[j];
 kenvp[i] = NULL;
 mtx_unlock(&kenv_lock);
- memset(oldenv, 0, strlen(oldenv));
+ explicit_bzero(oldenv, strlen(oldenv));
 free(oldenv, M_KENV);
 return (0);
 }
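Review bot: The else branch of `if (i < KENV_SIZE)` in init_dynamic_kenv does not wipe the string and hands it to the `printf` warning, so a value dropped for lack of space is apparently left in the source buffer and also written to the console and message buffer. Since the commit message says these values can hold geli passphrases, the warning should print only the variable name, and the branch should also call `explicit_bzero(cp, strlen(cp));`. The printf argument list and the enclosing loop lie outside the hunk, so confirm that the argument really is `cp` and that wiping it there does not disturb how the loop advances.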
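Review bot: `explicit_bzero(env, strlen(env))` in freeenv clears only up to the first NUL present at free time. `env` is a caller-held, non-const buffer, so if a caller shortened or tokenised the string in place, the rest of the value would stay in the freed allocation; whether any caller does that is not visible here. A wipe sized by the allocation rather than by `strlen()` would close that gap. A short comment above the call, such as `/* Values may hold secrets (e.g. geli passphrases); this wipe must not be elided. */`, would keep it from being turned back into `memset()` later.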
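Review bot: The wipe-then-free pair `explicit_bzero(oldenv, strlen(oldenv)); free(oldenv, M_KENV);` in kern_unsetenv now duplicates what freeenv does. A small static helper used by both would keep the two sites in step and give the rationale a single home. Any other path in this file that frees a kenv value, for instance one that replaces an existing variable, would need the same treatment, but none is visible in this patch. kern_unsetenv begins above the hunk.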