From 278944831e6b8303c58fe84b01c5c60e77b1dc45 Mon Sep 17 00:00:00 2001
From: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Date: Fri, 27 Feb 2026 13:11:48 +0300
Subject: [PATCH] use explicit_bzero() to zero memory

Samba uses memset_s() to zero-fill unused sensitive memory
areas.  This interface is difficult to use right, and is not
implemented in glibc due to this.  So many parts of samba
link to libreplace to get rep_memset_s().  But glibc provides
explicit_bzero(), so there's no need for this linkage.

Unfortunately there are just insane amount of similar
but non-standard functions, and upstream don't want
to stay on something simple and robust in this context.


Gbp-Pq: Name use-explicit_bzero-to-zero-memory.diff
---
 lib/replace/replace.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 4923e1f3..daa4ec6e 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -991,7 +991,11 @@ void rep_setproctitle_init(int argc, char *argv[], char *envp[]);
 #endif
 
 #ifndef HAVE_MEMSET_S
-#define memset_s rep_memset_s
+#define HAVE_MEMSET_S
+#include <assert.h>
+#define memset_s(ptr, size, ch, len) \
+  do { static_assert((ch)==0, "memset_s is called with ch!=0"); \
+       explicit_bzero((ptr), (len)); } while (0)
 int rep_memset_s(void *dest, size_t destsz, int ch, size_t count);
 #endif
 
-- 
2.30.2