diff --git a/TODO b/TODO
index edde830038d..df5e18bd912 100644
--- a/TODO
+++ b/TODO
@@ -90,8 +90,8 @@ Features:
 usefaultd() and make systemd-analyze check for it.
 * paranoia: whenever we process passwords, call mlock() on the memory
- first. i.e. look for all places we use string_erase()/string_free_erase() and
- augment them with mlock(). Also use MADV_DONTDUMP
+ first. i.e. look for all places we use free_and_erasep() and
+ augment them with mlock(). Also use MADV_DONTDUMP.
 * Move RestrictAddressFamily= to the new cgroup create socket
diff --git a/src/basic/string-util.c b/src/basic/string-util.c
index 779048904a0..474903b2a87 100644
--- a/src/basic/string-util.c
+++ b/src/basic/string-util.c
@@ -1032,20 +1032,6 @@ int free_and_strndup(char **p, const char *s, size_t l) {
 return 1;
 }
-char* string_erase(char *x) {
- if (!x)
- return NULL;
-
- /* A delicious drop of snake-oil! To be called on memory where
- * we stored passphrases or so, after we used them. */
- explicit_bzero_safe(x, strlen(x));
- return x;
-}
-
-char *string_free_erase(char *s) {
- return mfree(string_erase(s));
-}
-
 bool string_is_safe(const char *p) {
 const char *t;
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index 47b17c9d3e7..ef136da49e0 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -197,12 +197,6 @@ static inline int free_and_strdup_warn(char **p, const char *s) {
 }
 int free_and_strndup(char **p, const char *s, size_t l);
-char *string_erase(char *x);
-
-char *string_free_erase(char *s);
-DEFINE_TRIVIAL_CLEANUP_FUNC(char *, string_free_erase);
-#define _cleanup_string_free_erase_ _cleanup_(string_free_erasep)
-
 bool string_is_safe(const char *p) _pure_;
 static inline size_t strlen_ptr(const char *s) {
diff --git a/src/basic/strv.c b/src/basic/strv.c
index 21c106149b2..0a1adbf30bd 100644
--- a/src/basic/strv.c
+++ b/src/basic/strv.c
@@ -11,6 +11,7 @@
 #include "escape.h"
 #include "extract-word.h"
 #include "fileio.h"
+#include "memory-util.h"
 #include "nulstr-util.h"
 #include "sort-util.h"
 #include "string-util.h"
@@ -78,9 +79,9 @@ char **strv_free_erase(char **l) {
 char **i;
 STRV_FOREACH(i, l)
- string_erase(*i);
+ erase_and_freep(i);
- return strv_free(l);
+ return mfree(l);
 }
 char **strv_copy(char * const *l) {
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index e6b40294bf6..e0c834cfc32 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -30,6 +30,7 @@
 #include "kbd-util.h"
 #include "locale-util.h"
 #include "main-func.h"
+#include "memory-util.h"
 #include "mkdir.h"
 #include "os-util.h"
 #include "parse-util.h"
@@ -68,7 +69,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_locale_messages, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep);
-STATIC_DESTRUCTOR_REGISTER(arg_root_password, string_free_erasep);
+STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep);
 static bool press_any_key(void) {
 char k = 0;
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index c25bbc3f265..3e1ca5b1ba2 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -753,7 +753,7 @@ static int parse_argv(int argc, char *argv[]) {
 r = free_and_strdup(&arg_verify_key, optarg);
 if (r < 0)
 return r;
- /* Use memset not string_erase so this doesn't look confusing
+ /* Use memset not explicit_bzero() or similar so this doesn't look confusing
 * in ps or htop output. */
 memset(optarg, 'x', strlen(optarg));
diff --git a/src/reply-password/reply-password.c b/src/reply-password/reply-password.c
index 455788a1840..1a8a9a6d623 100644
--- a/src/reply-password/reply-password.c
+++ b/src/reply-password/reply-password.c
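Review bot: The loop in strv_free_erase() now relies entirely on `erase_and_freep(i)` for the wipe, and nothing in the hunk says how much of each string that covers. The removed string_erase() cleared exactly `strlen(x)` bytes, so the extent could be checked locally; erase_and_freep() is defined outside this diff (presumably in memory-util.h, which the first strv.c hunk includes), and if it sizes the wipe from the allocator it also needs every element to be the start of its own heap allocation. A short comment above the loop would pin that down, e.g. `/* erase_and_freep() wipes and frees each element; elements must be individually heap-allocated */`. Each slot is left pointing at freed memory until `mfree(l)` runs, which is harmless here because nothing reads the array in between. The function's signature appears only in the hunk header, so its start lies outside the hunk.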
@@ -47,7 +47,7 @@ static int run(int argc, char *argv[]) {
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Wrong number of arguments.");
 if (streq(argv[1], "1")) {
- _cleanup_string_free_erase_ char *line = NULL;
+ _cleanup_(erase_and_freep) char *line = NULL;
 r = read_line(stdin, LONG_LINE_MAX, &line);
 if (r < 0)
diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c
index f7dde618d3e..d84170bc222 100644
--- a/src/test/test-string-util.c
+++ b/src/test/test-string-util.c
@@ -9,29 +9,6 @@
 #include "utf8.h"
 #include "util.h"
-static void test_string_erase(void) {
- char *x;
-
- x = strdupa("");
- assert_se(streq(string_erase(x), ""));
-
- x = strdupa("1");
- assert_se(streq(string_erase(x), ""));
-
- x = strdupa("123456789");
- assert_se(streq(string_erase(x), ""));
-
- assert_se(x[1] == '\0');
- assert_se(x[2] == '\0');
- assert_se(x[3] == '\0');
- assert_se(x[4] == '\0');
- assert_se(x[5] == '\0');
- assert_se(x[6] == '\0');
- assert_se(x[7] == '\0');
- assert_se(x[8] == '\0');
- assert_se(x[9] == '\0');
-}
-
 static void test_free_and_strndup_one(char **t, const char *src, size_t l, const char *expected, bool change) {
 int r;
@@ -582,7 +559,6 @@ static void test_memory_startswith_no_case(void) {
 int main(int argc, char *argv[]) {
 test_setup_logging(LOG_DEBUG);
- test_string_erase();
 test_free_and_strndup();
 test_ascii_strcasecmp_n();
 test_ascii_strcasecmp_nn();
diff --git a/src/test/test-strv.c b/src/test/test-strv.c
index 488025f23a3..903de18083c 100644
--- a/src/test/test-strv.c
+++ b/src/test/test-strv.c
@@ -227,60 +227,60 @@ static void test_invalid_unquote(const char *quoted) {
 }
 static void test_strv_split(void) {
- _cleanup_strv_free_ char **l = NULL;
+ _cleanup_(strv_free_erasep) char **l = NULL;
 const char str[] = "one,two,three";
 l = strv_split(str, ",");
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_multiple));
- strv_free(l);
+ strv_free_erase(l);
 l = strv_split(" one two\t three", WHITESPACE);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_multiple));
- strv_free(l);
+ strv_free_erase(l);
 /* Setting NULL for separator is equivalent to WHITESPACE */
 l = strv_split(" one two\t three", NULL);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_multiple));
- strv_free(l);
+ strv_free_erase(l);
 l = strv_split_full(" one two\t three", NULL, 0);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_multiple));
- strv_free(l);
+ strv_free_erase(l);
 l = strv_split_full(" 'one' \" two\t three \" ' four five'", NULL, SPLIT_QUOTES);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_quoted));
- strv_free(l);
+ strv_free_erase(l);
 /* missing last quote ignores the last element. */
 l = strv_split_full(" 'one' \" two\t three \" ' four five' ' ignored element ", NULL, SPLIT_QUOTES);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_quoted));
- strv_free(l);
+ strv_free_erase(l);
 /* missing last quote, but the last element is _not_ ignored with SPLIT_RELAX. */
 l = strv_split_full(" 'one' \" two\t three \" ' four five", NULL, SPLIT_QUOTES | SPLIT_RELAX);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_quoted));
- strv_free(l);
+ strv_free_erase(l);
 /* missing separator between */
 l = strv_split_full(" 'one' \" two\t three \"' four five'", NULL, SPLIT_QUOTES | SPLIT_RELAX);
 assert_se(l);
 assert_se(strv_equal(l, (char**) input_table_quoted));
- strv_free(l);
+ strv_free_erase(l);
 l = strv_split_full(" 'one' \" two\t three \"' four five", NULL, SPLIT_QUOTES | SPLIT_RELAX);
 assert_se(l);