Use explicit_bzero() if available

comm.c

@@ -91,7 +91,7 @@ bool write_comm_request(struct swaylock_password *pw) {
 	result = true;
 
 out:
-	clear_password_buffer(pw);
+	explicit_bzero(pw, sizeof(*pw));
 	return result;
 }
 

include/swaylock.h

@@ -2,6 +2,12 @@
 #define _SWAYLOCK_H
 #include <stdbool.h>
 #include <stdint.h>
+#ifdef HAVE_EXPLICIT_BZERO
+#include <string.h>
+#include <strings.h>
+#else
+void explicit_bzero(void *buf, size_t size);
+#endif
 #include <wayland-client.h>
 #include "background-image.h"
 #include "cairo.h"
@@ -133,6 +139,5 @@ void schedule_indicator_clear(struct swaylock_state *state);
 
 void initialize_pw_backend(int argc, char **argv);
 void run_pw_backend_child(void);
-void clear_buffer(char *buf, size_t size);
 
 #endif

meson.build

@@ -109,6 +109,7 @@ client_protos = declare_dependency(
 
 conf_data = configuration_data()
 conf_data.set10('HAVE_GDK_PIXBUF', gdk_pixbuf.found())
+conf_data.set10('HAVE_EXPLICIT_BZERO', cc.has_function('explicit_bzero'))
 
 subdir('include')
 

pam.c

@@ -103,11 +103,11 @@ void run_pw_backend_child(void) {
 		}
 
 		if (!write_comm_reply(success)) {
-			clear_buffer(pw_buf, size);
+			explicit_bzero(pw_buf, size);
 			exit(EXIT_FAILURE);
 		}
 
-		clear_buffer(pw_buf, size);
+		explicit_bzero(pw_buf, size);
 		free(pw_buf);
 		pw_buf = NULL;
 	}

password.c

@@ -12,19 +12,16 @@
 #include "swaylock.h"
 #include "unicode.h"
 
-void clear_buffer(char *buf, size_t size) {
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *buf, size_t size) {
 	// Use volatile keyword so so compiler can't optimize this out.
 	volatile char *buffer = buf;
 	volatile char zero = '\0';
 	for (size_t i = 0; i < size; ++i) {
 		buffer[i] = zero;
 	}
 }
-
-void clear_password_buffer(struct swaylock_password *pw) {
-	clear_buffer(pw->buffer, sizeof(pw->buffer));
-	pw->len = 0;
-}
+#endif
 
 static bool backspace(struct swaylock_password *pw) {
 	if (pw->len != 0) {
@@ -64,7 +61,7 @@ static void clear_password(void *data) {
 	struct swaylock_state *state = data;
 	state->clear_password_timer = NULL;
 	state->auth_state = AUTH_STATE_CLEAR;
-	clear_password_buffer(&state->password);
+	explicit_bzero(&state->password, sizeof state->password);
 	damage_state(state);
 	schedule_indicator_clear(state);
 }
@@ -116,7 +113,7 @@ void swaylock_handle_key(struct swaylock_state *state,
 		schedule_password_clear(state);
 		break;
 	case XKB_KEY_Escape:
-		clear_password_buffer(&state->password);
+		explicit_bzero(&state->password, sizeof state->password);
 		state->auth_state = AUTH_STATE_CLEAR;
 		damage_state(state);
 		schedule_indicator_clear(state);
@@ -148,7 +145,7 @@ void swaylock_handle_key(struct swaylock_state *state,
 	case XKB_KEY_c: /* fallthrough */
 	case XKB_KEY_u:
 		if (state->xkb.control) {
-			clear_password_buffer(&state->password);
+			explicit_bzero(&state->password, sizeof state->password);
 			state->auth_state = AUTH_STATE_CLEAR;
 			damage_state(state);
 			schedule_indicator_clear(state);

shadow.c

@@ -83,24 +83,24 @@ void run_pw_backend_child(void) {
 		char *c = crypt(buf, encpw);
 		if (c == NULL) {
 			swaylock_log_errno(LOG_ERROR, "crypt failed");
-			clear_buffer(buf, size);
+			explicit_bzero(buf, size);
 			exit(EXIT_FAILURE);
 		}
 		bool success = strcmp(c, encpw) == 0;
 
 		if (!write_comm_reply(success)) {
-			clear_buffer(buf, size);
+			explicit_bzero(buf, size);
 			exit(EXIT_FAILURE);
 		}
 
 		// We don't want to keep it in memory longer than necessary,
 		// so clear *before* sleeping.
-		clear_buffer(buf, size);
+		explicit_bzero(buf, size);
 		free(buf);
 
 		sleep(2);
 	}
 
-	clear_buffer(encpw, strlen(encpw));
+	explicit_bzero(encpw, strlen(encpw));
 	exit(EXIT_SUCCESS);
 }