[varnishcache/varnish-cache] explicit_bzero() causing havoc (#3051)

Poul-Henning Kamp phk at phk.freebsd.dk
Mon Sep 16 14:31:47 UTC 2019


--------
In message <7b7463af-bd3f-8cfe-acb9-d231cfaa37ab at uplex.de>, Geoff Simmons writes:

>The EXPLICIT_BZERO check is still AC_REQUIRE'd in varnish.m4, from
>VARNISH_PREREQ and _VARNISH_CHECK_DEVEL, which are used in VMOD
>development. Since it's not defined now, this leads to a cascade of
>error messages when autogen.sh is called for a VMOD.

Ticket please, that is out of my comfort area.

>It's worth pointing out, however, that Colin Percival concluded in his
>blog that not even this solution guarantees that the memset call won't
>be optimized out:
>
>https://www.daemonology.net/blog/2014-09-05-erratum.html

I took that as more of a judgement of the sanity of the ISO-C
committee and compiler writers in general, as a problem we need
to deal with.

>But this gets us much closer to something that will work on most
>platforms. It's OpenSSL's solution for wiping keys in memory, so one
>hopes that it works most of the time.

Ohh God!

Now you just inspired all "cyberforces" to start implementing
compiler optimizations...  :-)

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

