1 files changed, 58 insertions, 24 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index c65c08ef98..c7a79b5e3d 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,18 +30,19 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.109 2017/04/06 17:00:52 otto Exp $
+.\"     $OpenBSD: malloc.3,v 1.110 2017/04/10 05:45:02 otto Exp $
 .\"
-.Dd $Mdocdate: April 6 2017 $
+.Dd $Mdocdate: April 10 2017 $
 .Dt MALLOC 3
 .Os
 .Sh NAME
 .Nm malloc ,
 .Nm calloc ,
-.Nm reallocarray ,
-.Nm recallocarray ,
 .Nm realloc ,
 .Nm free
+.Nm reallocarray ,
+.Nm recallocarray ,
+.Nm freezero ,
 .Nd memory allocation and deallocation
 .Sh SYNOPSIS
 .In stdlib.h
@@ -50,15 +51,23 @@
 .Ft void *
 .Fn calloc "size_t nmemb" "size_t size"
 .Ft void *
+.Fn realloc "void *ptr" "size_t size"
+.Ft void
+.Fn free "void *ptr"
+.Ft void *
 .Fn reallocarray "void *ptr" "size_t nmemb" "size_t size"
 .Ft void *
 .Fn recallocarray "void *ptr" "size_t oldnmemb" "size_t nmemb" "size_t size"
-.Ft void *
-.Fn realloc "void *ptr" "size_t size"
 .Ft void
-.Fn free "void *ptr"
+.Fn freezero "void *ptr" "size_t size"
 .Vt char *malloc_options ;
 .Sh DESCRIPTION
+The standard functions
+.Fn malloc ,
+.Fn calloc ,
+and
+.Fn realloc
+allocate memory space.
 The
 .Fn malloc
 function allocates uninitialized space for an object of
@@ -103,6 +112,26 @@ behaves like
 and allocates a new object.
 .Pp
 The
+.Fn free
+function causes the space pointed to by
+.Fa ptr
+to be either placed on a list of free blocks to make it available for future
+allocation or, when appropiate, to be returned to the kernel using
+.Xr munmap 2 .
+If
+.Fa ptr
+is a
+.Dv NULL
+pointer, no action occurs.
+If
+.Fa ptr
+was previously freed by
+.Fn free
+or a reallocation function,
+the behavior is undefined and the double free is a security concern.
+.Pp
+Designed for safe allocation of arrays,
+the
 .Fn reallocarray
 function is similar to
 .Fn realloc
@@ -115,7 +144,8 @@ and checks for integer overflow in the calculation
 *
 .Fa size .
 .Pp
-The
+Used for the allocation of memory holding sensitive data,
+the
 .Fn recallocarray
 function is similar to
 .Fn reallocarray
@@ -150,23 +180,25 @@ is the size of the earlier allocation that returned
 otherwise the behaviour is undefined.
 .Pp
 The
+.Fn freezero
+function is similar to the
 .Fn free
-function causes the space pointed to by
+function except it ensures the memory being deallocated is explicitly
-.Fa ptr
+discarded.
-to be either placed on a list of free pages to make it available for future
-allocation or, if required, to be returned to the kernel using
-.Xr munmap 2 .
 If
 .Fa ptr
-is a
+is
-.Dv NULL
+.Dv NULL ,
-pointer, no action occurs.
+no action occurs.
 If
 .Fa ptr
-was previously freed by
+is not
-.Fn free
+.Dv NULL ,
-or a reallocation function,
+the
-the behavior is undefined and the double free is a security concern.
+.Fa size
+argument must be the size of the earlier allocation that returned
+.Fa ptr ,
+otherwise the behaviour is undefined.
 .Sh RETURN VALUES
 Upon successful completion, the allocation functions
 return a pointer to the allocated space; otherwise, a
@@ -319,10 +351,8 @@ function should be used for resizing objects containing sensitive data like
 keys.
 To avoid leaking information,
 it guarantees memory is cleared before placing it on the internal free list.
-A
+Deallocation of such an object should be done by calling
-.Fn free
+.Fn freezero .
-call for such an object should still be preceded by a call to
-.Xr explicit_bzero 3 .
 .Sh ENVIRONMENT
 .Bl -tag -width "/etc/malloc.conf"
 .It Ev MALLOC_OPTIONS
@@ -539,6 +569,10 @@ The
 .Fn recallocarray
 function appeared in
 .Ox 6.1 .
+The
+.Fn freezero
+function appeared in
+.Ox 6.2 .
 .Sh CAVEATS
 When using
 .Fn malloc ,

diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index c65c08ef98..c7a79b5e3d 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3
@@ -30,18 +30,19 @@
30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	.\" SUCH DAMAGE.	31	.\" SUCH DAMAGE.
32	.\"	32	.\"
33	.\" $OpenBSD: malloc.3,v 1.109 2017/04/06 17:00:52 otto Exp $	33	.\" $OpenBSD: malloc.3,v 1.110 2017/04/10 05:45:02 otto Exp $
34	.\"	34	.\"
35	.Dd $Mdocdate: April 6 2017 $	35	.Dd $Mdocdate: April 10 2017 $
36	.Dt MALLOC 3	36	.Dt MALLOC 3
37	.Os	37	.Os
38	.Sh NAME	38	.Sh NAME
39	.Nm malloc ,	39	.Nm malloc ,
40	.Nm calloc ,	40	.Nm calloc ,
41	.Nm reallocarray ,
42	.Nm recallocarray ,
43	.Nm realloc ,	41	.Nm realloc ,
44	.Nm free	42	.Nm free
		43	.Nm reallocarray ,
		44	.Nm recallocarray ,
		45	.Nm freezero ,
45	.Nd memory allocation and deallocation	46	.Nd memory allocation and deallocation
46	.Sh SYNOPSIS	47	.Sh SYNOPSIS
47	.In stdlib.h	48	.In stdlib.h
@@ -50,15 +51,23 @@
50	.Ft void *	51	.Ft void *
51	.Fn calloc "size_t nmemb" "size_t size"	52	.Fn calloc "size_t nmemb" "size_t size"
52	.Ft void *	53	.Ft void *
		54	.Fn realloc "void *ptr" "size_t size"
		55	.Ft void
		56	.Fn free "void *ptr"
		57	.Ft void *
53	.Fn reallocarray "void *ptr" "size_t nmemb" "size_t size"	58	.Fn reallocarray "void *ptr" "size_t nmemb" "size_t size"
54	.Ft void *	59	.Ft void *
55	.Fn recallocarray "void *ptr" "size_t oldnmemb" "size_t nmemb" "size_t size"	60	.Fn recallocarray "void *ptr" "size_t oldnmemb" "size_t nmemb" "size_t size"
56	.Ft void *
57	.Fn realloc "void *ptr" "size_t size"
58	.Ft void	61	.Ft void
59	.Fn free "void *ptr"	62	.Fn freezero "void *ptr" "size_t size"
60	.Vt char *malloc_options ;	63	.Vt char *malloc_options ;
61	.Sh DESCRIPTION	64	.Sh DESCRIPTION
		65	The standard functions
		66	.Fn malloc ,
		67	.Fn calloc ,
		68	and
		69	.Fn realloc
		70	allocate memory space.
62	The	71	The
63	.Fn malloc	72	.Fn malloc
64	function allocates uninitialized space for an object of	73	function allocates uninitialized space for an object of
@@ -103,6 +112,26 @@ behaves like
103	and allocates a new object.	112	and allocates a new object.
104	.Pp	113	.Pp
105	The	114	The
		115	.Fn free
		116	function causes the space pointed to by
		117	.Fa ptr
		118	to be either placed on a list of free blocks to make it available for future
		119	allocation or, when appropiate, to be returned to the kernel using
		120	.Xr munmap 2 .
		121	If
		122	.Fa ptr
		123	is a
		124	.Dv NULL
		125	pointer, no action occurs.
		126	If
		127	.Fa ptr
		128	was previously freed by
		129	.Fn free
		130	or a reallocation function,
		131	the behavior is undefined and the double free is a security concern.
		132	.Pp
		133	Designed for safe allocation of arrays,
		134	the
106	.Fn reallocarray	135	.Fn reallocarray
107	function is similar to	136	function is similar to
108	.Fn realloc	137	.Fn realloc
@@ -115,7 +144,8 @@ and checks for integer overflow in the calculation
115	*	144	*
116	.Fa size .	145	.Fa size .
117	.Pp	146	.Pp
118	The	147	Used for the allocation of memory holding sensitive data,
		148	the
119	.Fn recallocarray	149	.Fn recallocarray
120	function is similar to	150	function is similar to
121	.Fn reallocarray	151	.Fn reallocarray
@@ -150,23 +180,25 @@ is the size of the earlier allocation that returned
150	otherwise the behaviour is undefined.	180	otherwise the behaviour is undefined.
151	.Pp	181	.Pp
152	The	182	The
		183	.Fn freezero
		184	function is similar to the
153	.Fn free	185	.Fn free
154	function causes the space pointed to by	186	function except it ensures the memory being deallocated is explicitly
155	.Fa ptr	187	discarded.
156	to be either placed on a list of free pages to make it available for future
157	allocation or, if required, to be returned to the kernel using
158	.Xr munmap 2 .
159	If	188	If
160	.Fa ptr	189	.Fa ptr
161	is a	190	is
162	.Dv NULL	191	.Dv NULL ,
163	pointer, no action occurs.	192	no action occurs.
164	If	193	If
165	.Fa ptr	194	.Fa ptr
166	was previously freed by	195	is not
167	.Fn free	196	.Dv NULL ,
168	or a reallocation function,	197	the
169	the behavior is undefined and the double free is a security concern.	198	.Fa size
		199	argument must be the size of the earlier allocation that returned
		200	.Fa ptr ,
		201	otherwise the behaviour is undefined.
170	.Sh RETURN VALUES	202	.Sh RETURN VALUES
171	Upon successful completion, the allocation functions	203	Upon successful completion, the allocation functions
172	return a pointer to the allocated space; otherwise, a	204	return a pointer to the allocated space; otherwise, a
@@ -319,10 +351,8 @@ function should be used for resizing objects containing sensitive data like
319	keys.	351	keys.
320	To avoid leaking information,	352	To avoid leaking information,
321	it guarantees memory is cleared before placing it on the internal free list.	353	it guarantees memory is cleared before placing it on the internal free list.
322	A	354	Deallocation of such an object should be done by calling
323	.Fn free	355	.Fn freezero .
324	call for such an object should still be preceded by a call to
325	.Xr explicit_bzero 3 .
326	.Sh ENVIRONMENT	356	.Sh ENVIRONMENT
327	.Bl -tag -width "/etc/malloc.conf"	357	.Bl -tag -width "/etc/malloc.conf"
328	.It Ev MALLOC_OPTIONS	358	.It Ev MALLOC_OPTIONS
@@ -539,6 +569,10 @@ The
539	.Fn recallocarray	569	.Fn recallocarray
540	function appeared in	570	function appeared in
541	.Ox 6.1 .	571	.Ox 6.1 .
		572	The
		573	.Fn freezero
		574	function appeared in
		575	.Ox 6.2 .
542	.Sh CAVEATS	576	.Sh CAVEATS
543	When using	577	When using
544	.Fn malloc ,	578	.Fn malloc ,