[nginx] Core: ngx_explicit_memzero().

Maxim Dounin mdounin at mdounin.ru
Thu Nov 15 18:31:34 UTC 2018


details:   http://hg.nginx.org/nginx/rev/9ca82f273967
branches:  
changeset: 7395:9ca82f273967
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Thu Nov 15 21:28:02 2018 +0300
description:
Core: ngx_explicit_memzero().

diffstat:

 src/core/ngx_string.c         |  8 ++++++++
 src/core/ngx_string.h         |  2 ++
 src/event/ngx_event_openssl.c |  4 ++--
 3 files changed, 12 insertions(+), 2 deletions(-)

diffs (51 lines):

diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -2013,6 +2013,14 @@ ngx_sort(void *base, size_t n, size_t si
 }
 
 
+void
+ngx_explicit_memzero(void *buf, size_t n)
+{
+    ngx_memzero(buf, n);
+    ngx_memory_barrier();
+}
+
+
 #if (NGX_MEMCPY_LIMIT)
 
 void *
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -88,6 +88,8 @@ ngx_strlchr(u_char *p, u_char *last, u_c
 #define ngx_memzero(buf, n)       (void) memset(buf, 0, n)
 #define ngx_memset(buf, c, n)     (void) memset(buf, c, n)
 
+void ngx_explicit_memzero(void *buf, size_t n);
+
 
 #if (NGX_MEMCPY_LIMIT)
 
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1051,7 +1051,7 @@ cleanup:
                            ngx_close_file_n " \"%s\" failed", file->data);
     }
 
-    ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
+    ngx_explicit_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
 
     return passwords;
 }
@@ -1068,7 +1068,7 @@ ngx_ssl_passwords_cleanup(void *data)
     pwd = passwords->elts;
 
     for (i = 0; i < passwords->nelts; i++) {
-        ngx_memzero(pwd[i].data, pwd[i].len);
+        ngx_explicit_memzero(pwd[i].data, pwd[i].len);
     }
 }
 


More information about the nginx-devel mailing list