MINOR: tools: add a secure implementation of memset

This guarantees that the compiler will not optimize away the memset() call if it detects a dead store. Use this to clear SSL passphrases. No backport needed.
2025-12-20 09:01:06 +01:00 · 2025-12-19 10:40:38 -05:00 · 2025-12-19 10:40:38 -05:00 · c8750e4e9d
commit c8750e4e9d
parent bd92f34f02
3 changed files with 12 additions and 1 deletions
--- a/include/haproxy/tools.h
+++ b/include/haproxy/tools.h
@ -1490,4 +1490,6 @@ int path_base(const char *path, const char *base, char *dst, char **err);

 void ha_freearray(char ***array);

+void ha_memset_s(void *s, int c, size_t n);
+
 #endif /* _HAPROXY_TOOLS_H */
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -3756,7 +3756,7 @@ static int ssl_sock_clear_passphrase_cache(void)

 			/* Erase stored passphrases just in case some memory
 			 * ends up leaking */
-			memset(passphrase_cache[idx].ptr, 0, passphrase_cache[idx].len);
+			ha_memset_s(passphrase_cache[idx].ptr, 0, passphrase_cache[idx].len);
 			istfree(&passphrase_cache[idx]);
 		}
 		ha_free(&passphrase_cache);
--- a/src/tools.c
+++ b/src/tools.c
@ -7438,6 +7438,15 @@ void ha_freearray(char ***array)
 	*array = NULL;
 }

+/*
+ * Secure implementation of memset that cannot be optimized away.
+ */
+void ha_memset_s(void *s, int c, size_t n)
+{
+	memset(s, c, n);
+	__asm__ __volatile__("" : : "r"(s) : "memory");
+}
+
 /*
 * Local variables:
 *  c-indent-level: 8