bug-gnulib

Re: [PATCH] read-file: add variants that clear internal memory


From: Bruno Haible
Subject: Re: [PATCH] read-file: add variants that clear internal memory
Date: Tue, 26 May 2020 12:54:41 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; )

Hi Daiki,

> The functions provided by the read-file module are handy, but they are
> suboptimal for reading sensitive materials, because they do not clear
> the allocated memory blocks upon failure.
> ...
> It's tempting to make this behavior enabled by default, but I worry that
> it may cause a performance drawback.

Correct. For sensitive data, often different algorithms need to be used.
Explicit clearing of memory, avoiding algorithms whose running time depends
on the data, and possibly more.

> The attached patch adds a set of variants that deal with that.

Instead of doubling the number of functions of this header file, how about
adding a flags argument to the functions?

  #define RF_BINARY    0x1
  #define RF_SENSITIVE 0x2

  extern char *fread_file (FILE * stream, int flags, size_t * length);

  extern char *read_file (const char *filename, int flags, size_t * length);

This way, the public interface of this header file even shrinks to 2 functions.

Yes, this breaks source-code backward compatibility, but Gnulib policy allows
this [1], and the users will have an easy migration path: just add a zero
argument for the flags.

If you agree, I'd like to see two commits:
  1. the introduction of the flags and RF_BINARY,
  2. the RF_SENSITIVE flag.

Do you want me to code the first commit, or do you want to do it?

Bruno

[1] https://www.gnu.org/software/gnulib/manual/html_node/Steady-Development.html
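An added example sketching the flags-based interface Bruno proposes above. This is not gnulib code: the function names fread_file_flags, read_file_flags and the wipe helper are my own, and wipe stands in for gnulib's explicit_bzero. It shows the behaviour RF_SENSITIVE has to provide that plain realloc cannot: when the buffer grows, the old block is copied by hand and scrubbed before free, and on any failure path the partially filled buffer is scrubbed too. RF_BINARY only matters when the file is opened by name, so it is honoured in read_file_flags. The sample data in growth_ok is constructed for the demo.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RF_BINARY    0x1
#define RF_SENSITIVE 0x2

/* Stand-in for explicit_bzero (hypothetical helper): the volatile pointer
   keeps the compiler from dropping the stores just because the block is
   freed right afterwards.  */
static void wipe(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Read STREAM to EOF into a fresh NUL-terminated buffer, storing the byte
   count in *LENGTH.  With RF_SENSITIVE every intermediate buffer is wiped
   before release, both when growing and on failure.  NULL + errno on error. */
char *fread_file_flags(FILE *stream, int flags, size_t *length) {
    size_t alloc = 64, size = 0;
    char *buf = malloc(alloc);
    if (!buf) return NULL;

    for (;;) {
        size_t room = alloc - size - 1;            /* keep a byte for the NUL */
        size_t n = fread(buf + size, 1, room, stream);
        size += n;
        if (n < room) {
            if (ferror(stream)) goto fail;
            break;                                  /* clean EOF */
        }
        if (alloc > SIZE_MAX / 2) { errno = ENOMEM; goto fail; }
        size_t new_alloc = 2 * alloc;
        char *nb;
        if (flags & RF_SENSITIVE) {
            /* realloc may move the block and leave the old copy behind
               unscrubbed, so copy by hand and wipe the old block ourselves. */
            nb = malloc(new_alloc);
            if (!nb) goto fail;
            memcpy(nb, buf, size);
            wipe(buf, alloc);
            free(buf);
        } else {
            nb = realloc(buf, new_alloc);
            if (!nb) goto fail;
        }
        buf = nb;
        alloc = new_alloc;
    }
    buf[size] = '\0';
    *length = size;
    return buf;

fail: {
        int saved_errno = errno;
        if (flags & RF_SENSITIVE) wipe(buf, alloc);   /* partial contents too */
        free(buf);
        errno = saved_errno;
        return NULL;
    }
}

/* Open FILENAME (in binary mode when RF_BINARY is set) and read it with the
   same flags.  A failing fclose() is treated as a read error.  */
char *read_file_flags(const char *filename, int flags, size_t *length) {
    FILE *fp = fopen(filename, (flags & RF_BINARY) ? "rb" : "r");
    if (!fp) return NULL;
    char *out = fread_file_flags(fp, flags, length);
    int saved_errno = errno;
    if (fclose(fp) != 0 && out) {
        saved_errno = errno;
        if (flags & RF_SENSITIVE) wipe(out, *length + 1);
        free(out);
        out = NULL;
    }
    errno = saved_errno;
    return out;
}

/* Demo helper: write LEN bytes of DATA to a temporary stream and check that
   reading it back with FLAGS returns exactly the same bytes.  */
int roundtrip_ok(const char *data, size_t len, int flags) {
    FILE *fp = tmpfile();
    if (!fp) return 0;
    if (fwrite(data, 1, len, fp) != len) { fclose(fp); return 0; }
    rewind(fp);
    size_t got = 0;
    char *buf = fread_file_flags(fp, flags, &got);
    fclose(fp);
    if (!buf) return 0;
    int ok = got == len && memcmp(buf, data, len) == 0 && buf[len] == '\0';
    if (flags & RF_SENSITIVE) wipe(buf, got + 1);  /* the result is the caller's to scrub */
    free(buf);
    return ok;
}

/* Constructed sample: 1000 bytes including embedded NULs, large enough to
   force several grow-and-wipe steps of the 64-byte initial buffer.  */
int growth_ok(void) {
    char data[1000];
    for (size_t i = 0; i < sizeof data; i++) data[i] = (char)(i % 7);
    return roundtrip_ok(data, sizeof data, RF_BINARY | RF_SENSITIVE);
}

int main(void) {
    printf("small: %d, large: %d\n", roundtrip_ok("top secret\n", 11, RF_SENSITIVE), growth_ok());
    return 0;
}
```

The scrubbing only covers the library's own intermediate buffers; the returned block is the caller's responsibility, which is why roundtrip_ok wipes it before free when RF_SENSITIVE was requested. Without the flag the code falls back to realloc, so the common case pays nothing for the feature, which is the trade-off the discussion above is about.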



