From 88257910537e88a60371dcdb93c9021f29f28ac8 Mon Sep 17 00:00:00 2001
From: Ørjan Malde <red@foxi.me>
Date: May 07 2019 02:57:43 +0000
Subject: remove memset_noopt, provide implementation of explicit_bzero


---

diff --git a/explicit_bzero.c b/explicit_bzero.c
new file mode 100644
index 0000000..28adf2d
--- /dev/null
+++ b/explicit_bzero.c
@@ -0,0 +1,14 @@
+#ifdef HAVE_EXPLICIT_BZERO
+
+int dummy;
+
+#else
+
+#include <stdint.h>
+
+void explicit_bzero(void* s, size_t n)
+{
+	volatile char* buf = (volatile char*)s;
+	while(n-- *buf++ = '\0');
+}
+#endif
\ No newline at end of file
diff --git a/login.c b/login.c
index 62e1872..fdf63c5 100644
--- a/login.c
+++ b/login.c
@@ -26,6 +26,10 @@
 
 #include "login.h"
 
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void*, size_t);
+#endif
+
 
 static char* get_win32_username(void)
 {
@@ -43,12 +47,6 @@ static char* get_win32_username(void)
 #endif
 }
 
-/* force memset */
-static void __attribute__((optimize("O0"))) memset_noopt(void* mem, int c, size_t memsiz)
-{
-	memset(mem, c, memsiz);
-}
-
 static bool switch_user_context(struct passwd* pw, const char* username)
 {
 	/* temporary */
@@ -137,15 +135,17 @@ int main(int argc, char **argv)
 				char* pw_encrypted = crypt(pw, pwd->pw_passwd);
 				if(!timingsafe_memcmp(pw_encrypted, pwd->pw_passwd, strlen(pw_encrypted))) {
 					puts("Login incorrect.");
-					memset_noopt(pw, 0, strlen(pw));
+					explicit_bzero(pw, strlen(pw));
+					free(pw);
 					exit(1);
 				}
 			}
-			memset_noopt(pw, 0, strlen(pw));
+			explicit_bzero(pw, strlen(pw));
 		} else {
 			/* user doesn't exist, bail */
 			puts("Login incorrect.");
-			memset_noopt(pw, 0, strlen(pw));
+			explicit_bzero(pw, strlen(pw));
+			free(pw);
 			exit(1);
 		}
 	}