use explicit_bzero() to zero memory

Samba uses memset_s() to zero-fill unused sensitive memory
areas.  This interface is difficult to use right, and is not
implemented in glibc due to this.  So many parts of samba
link to libreplace to get rep_memset_s().  But glibc provides
explicit_bzero(), so there's no need for this linkage.

Unfortunately there are just insane amount of similar
but non-standard functions, and upstream don't want
to stay on something simple and robust in this context.

Gbp-Pq: Name use-explicit_bzero-to-zero-memory.diff

diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 4923e1f301d6db8cedf98187473ccf016e9e9506..daa4ec6ef5288d955b3984f99708db198c5fa305 100644 (file)
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -991,7 +991,11 @@ void rep_setproctitle_init(int argc, char *argv[], char *envp[]);
 #endif
 
 #ifndef HAVE_MEMSET_S
-#define memset_s rep_memset_s
+#define HAVE_MEMSET_S
+#include <assert.h>
+#define memset_s(ptr, size, ch, len) \
+  do { static_assert((ch)==0, "memset_s is called with ch!=0"); \
+       explicit_bzero((ptr), (len)); } while (0)
 int rep_memset_s(void *dest, size_t destsz, int ch, size_t count);
 #endif