From caab2ec90e7898dc046ce72e7b1f07e5eb13370c Mon Sep 17 00:00:00 2001
From: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Date: Sat, 24 Jan 2026 08:55:25 +0300
Subject: [PATCH] use explicit_bzero() to zero memory

Samba uses memset_s() to zero-fill unused sensitive memory
areas.  This interface is difficult to use right, and is not
implemented in glibc due to this.  So many parts of samba
link to libreplace to get rep_memset_s().  But glibc provides
explicit_bzero(), so there's no need for this linkage.

Unfortunately there are just insane amount of similar
but non-standard functions, and upstream don't want
to stay on something simple and robust in this context.


Gbp-Pq: Name use-explicit_bzero-to-zero-memory.diff
---
 lib/replace/replace.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 4923e1f3..daa4ec6e 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -991,7 +991,11 @@ void rep_setproctitle_init(int argc, char *argv[], char *envp[]);
 #endif
 
 #ifndef HAVE_MEMSET_S
-#define memset_s rep_memset_s
+#define HAVE_MEMSET_S
+#include <assert.h>
+#define memset_s(ptr, size, ch, len) \
+  do { static_assert((ch)==0, "memset_s is called with ch!=0"); \
+       explicit_bzero((ptr), (len)); } while (0)
 int rep_memset_s(void *dest, size_t destsz, int ch, size_t count);
 #endif
 
-- 
2.30.2