Timo Sirainen wrote:
> On 27.7.2004, at 09:27, Alexander Sabourenkov wrote:
>>> safe_memset() exists pretty much for this reason. Compilers may sooner or later optimize out this kind of code because it seems useless to it. Microsoft's compilers already do in some cases.
>> That's called bzero() on *nix (POSIX.1).
> Nope:
> CONFORMING TO
> 4.3BSD. This function is deprecated -- use memset in new programs.
May be so in glibc, but (freebsd 5.2.1):
HISTORY
     A bzero() function appeared in 4.3BSD.  Its prototype existed previously in

and nothing on deprecation. Though I made a mistake of mentioning POSIX.1 here; it seems it was moved out of string.h to make string.h POSIX-compliant.
Also I just tested how gcc 3.3.3 works. In a function like:
#include <stdio.h>
#include <string.h>   /* memset() */
#include <strings.h>  /* bzero() */

void test(void)
{
	char arr[4];

	scanf("%3s", arr);
	printf("your secure password: %s\n", arr);
	/* arr is dead after this point, so both clears are dead stores */
	bzero(arr, sizeof(arr));
	memset(arr, 0, sizeof(arr));
}
Both bzero() and memset() are optimized away if optimizations are turned on.
Note I haven't said it should not ever be optimized away.
Anyway I really prefer the way strings are handled in exim MTA, complete with pool memory allocation. Second preferable is APR, taking subversion as an example. That's much cleaner than the (more) traditional methods, IMHO.
--
./lxnt
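The dead-store problem discussed in this thread, as an added example that is not part of the thread and is not Dovecot's safe_memset(): a zeroing routine that writes through a volatile-qualified pointer, so the compiler has to emit every store even when the buffer is never read again, plus a small check that the wipe actually happened. The names secure_memzero, count_nonzero and wipe_demo are assumptions for the example, and the sample secret is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Dovecot's safe_memset(): zero a buffer with stores
 * the optimizer may not discard. Accessing a volatile-qualified object
 * is observable behaviour in C, so each byte store survives dead-store
 * elimination even if the buffer is unused afterwards. */
void secure_memzero(void *p, size_t n)
{
	volatile unsigned char *vp = (volatile unsigned char *)p;

	while (n--)
		*vp++ = 0;
}

/* Count non-zero bytes so a caller can verify that a wipe took effect. */
size_t count_nonzero(const unsigned char *buf, size_t n)
{
	size_t left = 0;
	size_t i;

	for (i = 0; i < n; i++)
		if (buf[i] != 0)
			left++;
	return left;
}

/* Same shape as the test() function in the thread: put a secret in a
 * stack buffer, then wipe it before the function returns. Returns the
 * number of bytes still non-zero after the wipe; 0 means it worked. */
size_t wipe_demo(void)
{
	unsigned char arr[16];

	/* constructed sample secret (15 chars plus NUL), not real data */
	memcpy(arr, "hunter2-example", 16);
	secure_memzero(arr, sizeof arr);
	return count_nonzero(arr, sizeof arr);
}

int main(void)
{
	printf("bytes left non-zero after wipe: %zu\n", wipe_demo());
	return 0;
}
```

Later libc releases ship this exact idea under a standard name: explicit_bzero() (OpenBSD, FreeBSD, glibc 2.25 and later) and memset_s() from C11 Annex K. Where one of those is available it is preferable to a hand-rolled loop, since the libc authors also guard against link-time optimization and other transformations that a plain volatile loop does not address.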