[varnishcache/varnish-cache] explicit_bzero() causing havoc (#3051)
Geoff Simmons
geoff at uplex.de
Mon Sep 16 12:35:51 UTC 2019
On 9/16/19 13:37, Poul-Henning Kamp wrote:
> Solved in #3057
Repeating my comment in github on the commit (to make sure that everyone
can see it):
The EXPLICIT_BZERO check is still AC_REQUIRE'd in varnish.m4, from
VARNISH_PREREQ and _VARNISH_CHECK_DEVEL, which are used in VMOD
development. Since it's not defined now, this leads to a cascade of
error messages when autogen.sh is called for a VMOD.
Apparently these can be ignored -- I can now compile without a
workaround for ZERO_OBJ. Thank you, I will stop screaming into the abyss
now.
It's worth pointing out, however, that Colin Percival concluded in his
blog that not even this solution guarantees that the memset call won't
be optimized out:
https://www.daemonology.net/blog/2014-09-05-erratum.html
But this gets us much closer to something that will work on most
platforms. It's OpenSSL's solution for wiping keys in memory, so one
hopes that it works most of the time.
--
** * * UPLEX - Nils Goroll Systemoptimierung
Scheffelstraße 32
22301 Hamburg
Tel +49 40 2880 5731
Mob +49 176 636 90917
Fax +49 40 42949753
http://uplex.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20190916/48769897/attachment.bin>
More information about the varnish-dev
mailing list