romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-16 21:46:20 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/CMake
History
Viktor Szakats 066478f634
src: add curlx_memzero() to clear buffers securely 
To safely zero memory, introduce `curlx_memzero()`, and map it to
`memset_s()` (C11) or `memset_explicit()` (C23) if auto-detected, or
`explicit_bzero()` or `explicit_memset()` for platforms opted-in, or
fall back to a local workaround if all unavailable. On Windows, always
use `SecureZeroMemory()`, or `SecureZeroMemory2()` with Visual Studio
and Windows SDK 10.0.26100.0+.

Details above are experimental and may change if they cause issues.

Also add macros/functions that zero memory before freeing a buffer:
- `curlx_safefreezero()`: for buffers with size.
- `curlx_safefreezeroz()`: for null-terminated buffers.
- `curlx_freezero()`: for buffers with size.
- `curlx_freezeroz()`: for null-terminated buffers.

`curlx_memzero()` must not be passed a NULL pointer because in some
implementations it is undefined behavior.

Also:
- curl_sha512_256: Replace hard-wired `explicit_memset()` call with new
  `curlx_memzero()`.

Refs:
https://en.cppreference.com/c/string/byte/memset
https://man7.org/linux/man-pages/man3/explicit_bzero.3.html
https://man.freebsd.org/cgi/man.cgi?query=explicit_bzero
https://man.netbsd.org/NetBSD-7.2/explicit_memset.3
https://learn.microsoft.com/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
https://learn.microsoft.com/windows/win32/memory/winbase-securezeromemory2
https://learn.microsoft.com/cpp/overview/compiler-versions
https://learn.microsoft.com/windows/apps/windows-sdk/downloads
https://jtsoya539.github.io/windows-sdk-versions/

Credits-to: Daniel Gustafsson
Credits-to: Will Cosgrove and co-authors in libssh2
Ref: #13589 (original attempt)
Ref: #21588

Closes #21598
2026-05-16 00:26:46 +02:00
..
cmake_uninstall.in.cmake cmake: match filename suffixes with file content 2025-12-20 11:34:27 +01:00
curl-config.in.cmake cmake: export/forward NGTCP2_CRYPTO_BACKEND 2026-05-11 21:53:39 +02:00
CurlSymbolHiding.cmake build: merge TrackMemory (CURLDEBUG) into debug-enabled option 2026-01-19 18:43:17 +01:00
CurlTests.c badwords: avoid 'simply' 2026-03-10 19:34:06 +01:00
FindBrotli.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindCares.cmake cmake: add CMake Config-based dependency detection for c-ares, wolfSSL 2026-03-26 11:20:03 +01:00
FindGnuTLS.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindGSS.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLDAP.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLibbacktrace.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLibgsasl.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLibidn2.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLibpsl.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLibssh.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindLibssh2.cmake cmake: add CMake Config-based dependency detection 2026-03-21 18:52:31 +01:00
FindLibuv.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindMbedTLS.cmake cmake: add CMake Config-based dependency detection 2026-03-21 18:52:31 +01:00
FindNettle.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindNGHTTP2.cmake cmake: auto-select static nghttp2/nghttp3/ngtcp2 Config 2026-05-11 11:57:25 +02:00
FindNGHTTP3.cmake cmake: auto-select static nghttp2/nghttp3/ngtcp2 Config 2026-05-11 11:57:25 +02:00
FindNGTCP2.cmake cmake: export/forward NGTCP2_CRYPTO_BACKEND 2026-05-11 21:53:39 +02:00
FindQuiche.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindRustls.cmake cmake: drop support for CMake 3.17 and older 2026-03-21 13:24:47 +01:00
FindWolfSSL.cmake cmake: add CMake Config-based dependency detection for c-ares, wolfSSL 2026-03-26 11:20:03 +01:00
FindZstd.cmake cmake: fix zstd CMake config name 2026-05-11 12:08:32 +02:00
Macros.cmake cmake: improve passing build options to try_compile() 2026-03-31 13:23:46 +02:00
OtherTests.cmake cmake: use AIX built-in variable (with CMake 4.0+) 2026-03-30 13:05:17 +02:00
PickyWarnings.cmake tidy-up: miscellaneous 2026-04-14 01:08:32 +02:00
unix-cache.cmake src: add curlx_memzero() to clear buffers securely 2026-05-16 00:26:46 +02:00
Utilities.cmake cmake: fix LOCATION property access condition (debug) 2026-03-06 15:35:27 +01:00
win32-cache.cmake src: drop detecting and redefining system symbol ftruncate 2026-03-30 13:46:14 +02:00