From 99f8c19a1b01b336c384e17f9b2f6a86624efde2 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 16 Jul 2017 00:48:59 +0200
Subject: [PATCH] memzero(): call the weak function after zeroing

A weak function cannot be inlined, but even if it's a little bit far stretched, a compiler could add code taking different paths according to the callee. With a weak function called after the zeroing, we can be sure that the zeroing has to happen.
---
 src/libsodium/sodium/utils.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c
index 0796e1fe..6499c41c 100644
--- a/src/libsodium/sodium/utils.c
+++ b/src/libsodium/sodium/utils.c
@@ -64,15 +64,11 @@ static unsigned char canary[CANARY_SIZE];
 #ifdef HAVE_WEAK_SYMBOLS
 __attribute__((weak)) void
-_sodium_memzero_as_a_weak_symbol_to_prevent_lto(void *const pnt,
- const size_t len)
+_sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt,
+ const size_t len)
 {
- unsigned char *pnt_ = (unsigned char *) pnt;
- size_t i = (size_t) 0U;
-
- while (i < len) {
- pnt_[i++] = 0U;
- }
+ (void) pnt;
+ (void) len;
 }
 #endif
@@ -88,7 +84,13 @@ sodium_memzero(void *const pnt, const size_t len)
 #elif defined(HAVE_EXPLICIT_BZERO)
 explicit_bzero(pnt, len);
 #elif HAVE_WEAK_SYMBOLS
- _sodium_memzero_as_a_weak_symbol_to_prevent_lto(pnt, len);
+ unsigned char *pnt_ = (unsigned char *) pnt;
+ size_t i = (size_t) 0U;
+
+ while (i < len) {
+ pnt_[i++] = 0U;
+ }
+ _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len);
 #else
 volatile unsigned char *volatile pnt_ =
 (volatile unsigned char *volatile) pnt;
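Review bot: `_sodium_dummy_symbol_to_prevent_memzero_lto` in the first hunk now has an intentionally empty body, and nothing at the definition says why it must stay weak and non-static. A later cleanup could reasonably mark it `static` or remove it as dead code, and the compiler would then be free to treat the zeroing in sodium_memzero() as dead stores. I would add a comment above the definition such as `/* Intentionally empty and weak: the call from sodium_memzero() must stay opaque so the preceding zeroing cannot be eliminated. */`.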
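Review bot: In the `HAVE_WEAK_SYMBOLS` branch of sodium_memzero() the new loop writes through a plain `unsigned char *`, so the stores survive only while the compiler treats the following call as one that may read the buffer. That presumably holds for a weak symbol, but it is worth confirming on the supported toolchains with LTO enabled, for instance by checking the generated code for this branch in CI. A short comment before the call, `/* must follow the loop and receive pnt/len: keeps the zeroing stores observable */`, would record the ordering requirement for future edits. The body of sodium_memzero() starts before and continues past this hunk.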