romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-04 02:14:38 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/lib/curlx/strdup.c
Viktor Szakats 066478f634
src: add curlx_memzero() to clear buffers securely 
To safely zero memory, introduce `curlx_memzero()`, and map it to
`memset_s()` (C11) or `memset_explicit()` (C23) if auto-detected, or
`explicit_bzero()` or `explicit_memset()` for platforms opted-in, or
fall back to a local workaround if all unavailable. On Windows, always
use `SecureZeroMemory()`, or `SecureZeroMemory2()` with Visual Studio
and Windows SDK 10.0.26100.0+.

Details above are experimental and may change if they cause issues.

Also add macros/functions that zero memory before freeing a buffer:
- `curlx_safefreezero()`: for buffers with size.
- `curlx_safefreezeroz()`: for null-terminated buffers.
- `curlx_freezero()`: for buffers with size.
- `curlx_freezeroz()`: for null-terminated buffers.

`curlx_memzero()` must not be passed a NULL pointer because in some
implementations it is undefined behavior.

Also:
- curl_sha512_256: Replace hard-wired `explicit_memset()` call with new
  `curlx_memzero()`.

Refs:
https://en.cppreference.com/c/string/byte/memset
https://man7.org/linux/man-pages/man3/explicit_bzero.3.html
https://man.freebsd.org/cgi/man.cgi?query=explicit_bzero
https://man.netbsd.org/NetBSD-7.2/explicit_memset.3
https://learn.microsoft.com/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
https://learn.microsoft.com/windows/win32/memory/winbase-securezeromemory2
https://learn.microsoft.com/cpp/overview/compiler-versions
https://learn.microsoft.com/windows/apps/windows-sdk/downloads
https://jtsoya539.github.io/windows-sdk-versions/

Credits-to: Daniel Gustafsson
Credits-to: Will Cosgrove and co-authors in libssh2
Ref: #13589 (original attempt)
Ref: #21588

Closes #21598
2026-05-16 00:26:46 +02:00

125 lines
3.6 KiB
C
Raw Blame History

/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
#include "curl_setup.h"
#ifdef _WIN32
#include <wchar.h>
#endif
#include "curlx/strdup.h"
#ifdef _WIN32
/***************************************************************************
*
* curlx_wcsdup(source)
*
* Copies the 'source' wchar string to a newly allocated buffer (that is
* returned). Used by macro curlx_tcsdup().
*
* Returns the new pointer or NULL on failure.
*
***************************************************************************/
wchar_t *curlx_wcsdup(const wchar_t *src)
{
size_t length = wcslen(src);
if(length > (SIZE_MAX / sizeof(wchar_t)) - 1)
return (wchar_t *)NULL; /* integer overflow */
return (wchar_t *)curlx_memdup(src, (length + 1) * sizeof(wchar_t));
}
#endif
/***************************************************************************
*
* curlx_memdup(source, length)
*
* Copies the 'source' data to a newly allocated buffer (that is
* returned). Copies 'length' bytes.
*
* Returns the new pointer or NULL on failure.
*
***************************************************************************/
void *curlx_memdup(const void *src, size_t length)
{
void *buffer = curlx_malloc(length);
if(!buffer)
return NULL; /* fail */
memcpy(buffer, src, length);
return buffer;
}
/***************************************************************************
*
* curlx_memdup0(source, length)
*
* Copies the 'source' string to a newly allocated buffer (that is returned).
* Copies 'length' bytes then adds a null-terminator.
*
* Returns the new pointer or NULL on failure.
*
***************************************************************************/
void *curlx_memdup0(const char *src, size_t length)
{
char *buf = (length < SIZE_MAX) ? curlx_malloc(length + 1) : NULL;
if(!buf)
return NULL;
if(length) {
DEBUGASSERT(src); /* must never be NULL */
memcpy(buf, src, length);
}
buf[length] = 0;
return buf;
}
#ifdef USE_CURLX_MEMZERO
static void *(* const volatile p_curlx_memset)(void *buf, int val,
size_t size) = memset;
/* Local fallback in case there is no system function to securely zero a memory
buffer. */
void curlx_memzero(void *buf, size_t size)
{
if(buf)
p_curlx_memset(buf, 0, size);
}
#endif
/* Free 'buf' after zeroing its content. */
void curlx_freezero(void *buf, size_t size)
{
if(buf)
curlx_memzero(buf, size);
curlx_free(buf);
}
/* Free 'buf' after zeroing its content, where 'buf' is null-terminated. */
void curlx_freezeroz(void *buf)
{
if(buf)
curlx_memzero(buf, strlen(buf));
curlx_free(buf);
}
Reference in a new issue View git blame Copy permalink