From a7afade1701a809f6a33b53525d59dd29b38d381 Mon Sep 17 00:00:00 2001
From: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Sun, 31 Jul 2016 13:43:00 +0200
Subject: clear passwords with explicit_bzero

Make sure to explicitly clear memory that is used for password input. memset
is often optimized out by the compiler.

Brought to attention by the OpenBSD community, see:
https://marc.info/?t=146989502600003&r=1&w=2
Thread subject: x11/slock: clear passwords with explicit_bzero

Changes:

- explicit_bzero.c import from libressl-portable.
- Makefile: add COMPATSRC for compatibility src.
- config.mk: add separate *BSD section in config.mk to simply uncomment it on
  these platforms.
---
 config.mk | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'config.mk')

diff --git a/config.mk b/config.mk
index f93879e..3afc061 100644
--- a/config.mk
+++ b/config.mk
@@ -18,9 +18,13 @@ LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext -lXrandr
 CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H
 CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}
 LDFLAGS = -s ${LIBS}
+COMPATSRC = explicit_bzero.c
 
 # On *BSD remove -DHAVE_SHADOW_H from CPPFLAGS and add -DHAVE_BSD_AUTH
 # On OpenBSD and Darwin remove -lcrypt from LIBS
+#LIBS = -L/usr/lib -lc -L${X11LIB} -lX11 -lXext -lXrandr
+#CPPFLAGS = -DVERSION=\"${VERSION}\" -DHAVE_BSD_AUTH -D_BSD_SOURCE
+#COMPATSRC =
 
 # compiler and linker
 CC = cc
-- 
cgit v1.2.3