Use memset_s or explicit_bzero

2 files changed, 10 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index 9fd8ef2..893b904 100644
--- a/configure.ac
+++ b/configure.ac
@@ -375,6 +375,9 @@ AC_CHECK_FUNCS(logout updwtmp logwtmp)
 AC_CHECK_HEADERS([mach/mach_time.h])
 AC_CHECK_FUNCS(mach_absolute_time)
 
+AC_CHECK_FUNCS(explicit_bzero memset_s)
+
+
 AC_ARG_ENABLE(bundled-libtom,
 [  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
   --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
diff --git a/dbutil.c b/dbutil.c
index 93b03a3..27f0fd1 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -564,6 +564,12 @@ void * m_realloc(void* ptr, size_t size) {
 /* Beware of calling this from within dbutil.c - things might get
  * optimised away */
 void m_burn(void *data, unsigned int len) {
+
+#if defined(HAVE_MEMSET_S)
+	memset_s(data, len, 0x0, len);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(data, len);
+#else
 	volatile char *p = data;
 
 	if (data == NULL)
@@ -571,6 +577,7 @@ void m_burn(void *data, unsigned int len) {
 	while (len--) {
 		*p++ = 0x0;
 	}
+#endif
 }