[varnishcache/varnish-cache] explicit_bzero() causing havoc (#3051)

Poul-Henning Kamp phk at phk.freebsd.dk
Mon Sep 16 14:31:47 UTC 2019

In message <7b7463af-bd3f-8cfe-acb9-d231cfaa37ab at uplex.de>, Geoff Simmons write

>The EXPLICIT_BZERO check is still AC_REQUIRE'd in varnish.m4, from
>development. Since it's not defined now, this leads to a cascade of
>error messages when autogen.sh is called for a VMOD.

Ticket please, that is out of my comfort area.

>It's worth pointing out, however, that Colin Percival concluded in his
>blog that not even this solution guarantees that the memset call won't
>be optimized out:

I took that as more of a judgement of the sanity of the ISO-C
committee and compiler writers in general, as a problem we need
to deal with.

>But this gets us much closer to something that will work on most
>platforms. It's OpenSSL's solution for wiping keys in memory, so one
>hopes that it works most of the time.

Ohh God!

Now you just inspired all "cyberforces" to start implementing
compiler optimizations...  :-)

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-dev mailing list