Merge pull request #13011 from keszybz/auto-erase

Remove string_erase and friends
2019-07-11 01:05:01 +02:00 · 2019-07-11 01:05:01 +02:00 · 8e27167cc9
parent feb0c8b86f b4f386d53b
commit 8e27167cc9
9 changed files with 18 additions and 60 deletions
--- a/4
+++ b/4
@ -90,8 +90,8 @@ Features:
  usefaultd() and make systemd-analyze check for it.

 * paranoia: whenever we process passwords, call mlock() on the memory
-  first. i.e. look for all places we use string_erase()/string_free_erase() and
-  augment them with mlock(). Also use MADV_DONTDUMP
+  first. i.e. look for all places we use free_and_erasep() and
+  augment them with mlock(). Also use MADV_DONTDUMP.

 * Move RestrictAddressFamily= to the new cgroup create socket

--- a/src/basic/string-util.c
+++ b/src/basic/string-util.c
@ -1032,20 +1032,6 @@ int free_and_strndup(char **p, const char *s, size_t l) {
        return 1;
 }

-char* string_erase(char *x) {
-        if (!x)
-                return NULL;
-
-        /* A delicious drop of snake-oil! To be called on memory where
-         * we stored passphrases or so, after we used them. */
-        explicit_bzero_safe(x, strlen(x));
-        return x;
-}
-
-char *string_free_erase(char *s) {
-        return mfree(string_erase(s));
-}
-
 bool string_is_safe(const char *p) {
        const char *t;

--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@ -197,12 +197,6 @@ static inline int free_and_strdup_warn(char **p, const char *s) {
 }
 int free_and_strndup(char **p, const char *s, size_t l);

-char *string_erase(char *x);
-
-char *string_free_erase(char *s);
-DEFINE_TRIVIAL_CLEANUP_FUNC(char *, string_free_erase);
-#define _cleanup_string_free_erase_ _cleanup_(string_free_erasep)
-
 bool string_is_safe(const char *p) _pure_;

 static inline size_t strlen_ptr(const char *s) {
--- a/src/basic/strv.c
+++ b/src/basic/strv.c
@ -11,6 +11,7 @@
 #include "escape.h"
 #include "extract-word.h"
 #include "fileio.h"
+#include "memory-util.h"
 #include "nulstr-util.h"
 #include "sort-util.h"
 #include "string-util.h"
@ -78,9 +79,9 @@ char **strv_free_erase(char **l) {
        char **i;

        STRV_FOREACH(i, l)
-                string_erase(*i);
+                erase_and_freep(i);

-        return strv_free(l);
+        return mfree(l);
 }

 char **strv_copy(char * const *l) {
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@ -30,6 +30,7 @@
 #include "kbd-util.h"
 #include "locale-util.h"
 #include "main-func.h"
+#include "memory-util.h"
 #include "mkdir.h"
 #include "os-util.h"
 #include "parse-util.h"
@ -68,7 +69,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_password, string_free_erasep);
+STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep);

 static bool press_any_key(void) {
        char k = 0;
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@ -753,7 +753,7 @@ static int parse_argv(int argc, char *argv[]) {
                        r = free_and_strdup(&arg_verify_key, optarg);
                        if (r < 0)
                                return r;
-                        /* Use memset not string_erase so this doesn't look confusing
+                        /* Use memset not explicit_bzero() or similar so this doesn't look confusing
                         * in ps or htop output. */
                        memset(optarg, 'x', strlen(optarg));

--- a/src/reply-password/reply-password.c
+++ b/src/reply-password/reply-password.c
@ -47,7 +47,7 @@ static int run(int argc, char *argv[]) {
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Wrong number of arguments.");

        if (streq(argv[1], "1")) {
-                _cleanup_string_free_erase_ char *line = NULL;
+                _cleanup_(erase_and_freep) char *line = NULL;

                r = read_line(stdin, LONG_LINE_MAX, &line);
                if (r < 0)
--- a/src/test/test-string-util.c
+++ b/src/test/test-string-util.c
@ -9,29 +9,6 @@
 #include "utf8.h"
 #include "util.h"

-static void test_string_erase(void) {
-        char *x;
-
-        x = strdupa("");
-        assert_se(streq(string_erase(x), ""));
-
-        x = strdupa("1");
-        assert_se(streq(string_erase(x), ""));
-
-        x = strdupa("123456789");
-        assert_se(streq(string_erase(x), ""));
-
-        assert_se(x[1] == '\0');
-        assert_se(x[2] == '\0');
-        assert_se(x[3] == '\0');
-        assert_se(x[4] == '\0');
-        assert_se(x[5] == '\0');
-        assert_se(x[6] == '\0');
-        assert_se(x[7] == '\0');
-        assert_se(x[8] == '\0');
-        assert_se(x[9] == '\0');
-}
-
 static void test_free_and_strndup_one(char **t, const char *src, size_t l, const char *expected, bool change) {
        int r;

@ -582,7 +559,6 @@ static void test_memory_startswith_no_case(void) {
 int main(int argc, char *argv[]) {
        test_setup_logging(LOG_DEBUG);

-        test_string_erase();
        test_free_and_strndup();
        test_ascii_strcasecmp_n();
        test_ascii_strcasecmp_nn();
--- a/src/test/test-strv.c
+++ b/src/test/test-strv.c
@ -227,60 +227,60 @@ static void test_invalid_unquote(const char *quoted) {
 }

 static void test_strv_split(void) {
-        _cleanup_strv_free_ char **l = NULL;
+        _cleanup_(strv_free_erasep) char **l = NULL;
        const char str[] = "one,two,three";

        l = strv_split(str, ",");
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_multiple));

-        strv_free(l);
+        strv_free_erase(l);

        l = strv_split("    one    two\t three", WHITESPACE);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_multiple));

-        strv_free(l);
+        strv_free_erase(l);

        /* Setting NULL for separator is equivalent to WHITESPACE */
        l = strv_split("    one    two\t three", NULL);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_multiple));

-        strv_free(l);
+        strv_free_erase(l);

        l = strv_split_full("    one    two\t three", NULL, 0);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_multiple));

-        strv_free(l);
+        strv_free_erase(l);

        l = strv_split_full("    'one'  \"  two\t three \" ' four  five'", NULL, SPLIT_QUOTES);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_quoted));

-        strv_free(l);
+        strv_free_erase(l);

        /* missing last quote ignores the last element. */
        l = strv_split_full("    'one'  \"  two\t three \" ' four  five'  ' ignored element ", NULL, SPLIT_QUOTES);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_quoted));

-        strv_free(l);
+        strv_free_erase(l);

        /* missing last quote, but the last element is _not_ ignored with SPLIT_RELAX. */
        l = strv_split_full("    'one'  \"  two\t three \" ' four  five", NULL, SPLIT_QUOTES | SPLIT_RELAX);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_quoted));

-        strv_free(l);
+        strv_free_erase(l);

        /* missing separator between */
        l = strv_split_full("    'one'  \"  two\t three \"' four  five'", NULL, SPLIT_QUOTES | SPLIT_RELAX);
        assert_se(l);
        assert_se(strv_equal(l, (char**) input_table_quoted));

-        strv_free(l);
+        strv_free_erase(l);

        l = strv_split_full("    'one'  \"  two\t three \"' four  five", NULL, SPLIT_QUOTES | SPLIT_RELAX);
        assert_se(l);