From eca7079b411c5ee09e6af59645a1086c4939e94d Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 28 Mar 2018 23:20:12 +0200
Subject: [PATCH] dnsdist: Add support for explicit_bzero() and
 explicit_memset()

---
 pdns/dnsdistdist/m4/dnsdist_check_gnutls.m4 |  2 +-
 pdns/dnsdistdist/tcpiohandler.cc            | 30 ++++++++++++---------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/pdns/dnsdistdist/m4/dnsdist_check_gnutls.m4 b/pdns/dnsdistdist/m4/dnsdist_check_gnutls.m4
index 77bb03f14..65b116a4f 100644
--- a/pdns/dnsdistdist/m4/dnsdist_check_gnutls.m4
+++ b/pdns/dnsdistdist/m4/dnsdist_check_gnutls.m4
@@ -18,7 +18,7 @@ AC_DEFUN([DNSDIST_CHECK_GNUTLS], [
         save_LIBS=$LIBS
         CFLAGS="$GNUTLS_CFLAGS $CFLAGS"
         LIBS="$GNUTLS_LIBS $LIBS"
-        AC_CHECK_FUNCS([gnutls_memset])
+        AC_CHECK_FUNCS([gnutls_memset explicit_bzero explicit_memset])
         CFLAGS=$save_CFLAGS
         LIBS=$save_LIBS
 
diff --git a/pdns/dnsdistdist/tcpiohandler.cc b/pdns/dnsdistdist/tcpiohandler.cc
index 0408fcd92..b674bc5e0 100644
--- a/pdns/dnsdistdist/tcpiohandler.cc
+++ b/pdns/dnsdistdist/tcpiohandler.cc
@@ -546,19 +546,23 @@ std::atomic<uint64_t> OpenSSLTLSIOCtx::s_users(0);
 #ifndef HAVE_LIBSODIUM
 void safe_memset(void* data, int c, size_t size)
 {
-#ifdef HAVE_GNUTLS_MEMSET
-      gnutls_memset(data, c, size);
-#else
-      /* shamelessly taken from Dovecot's src/lib/safe-memset.c */
-      volatile unsigned int volatile_zero_idx = 0;
-      volatile unsigned char *p = reinterpret_cast<volatile unsigned char *>(data);
-
-      if (size == 0)
-        return;
-
-      do {
-        memset(data, c, size);
-      } while (p[volatile_zero_idx] != c);
+#if defined(HAVE_EXPLICIT_BZERO)
+  explicit_bzero(data, size);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+  explicit_memset(data, c, size);
+#elif defined(HAVE_GNUTLS_MEMSET)
+  gnutls_memset(data, c, size);
+#else /* HAVE_GNUTLS_MEMSET */
+  /* shamelessly taken from Dovecot's src/lib/safe-memset.c */
+  volatile unsigned int volatile_zero_idx = 0;
+  volatile unsigned char *p = reinterpret_cast<volatile unsigned char *>(data);
+
+  if (size == 0)
+    return;
+
+  do {
+    memset(data, c, size);
+  } while (p[volatile_zero_idx] != c);
 #endif /* HAVE_GNUTLS_MEMSET */
 }
 #endif /* HAVE_LIBSODIUM */
-- 
2.40.0