From 5e080e7c4ab624f0aae02945af20dd35d1277e20 Mon Sep 17 00:00:00 2001
From: Dhruv Paranjape <d.paranjape@catawiki.nl>
Date: Wed, 19 Jul 2023 12:57:20 +0200
Subject: [PATCH] Use memset_s to clear auth password.

There is a possibility that memset is optimised away, which would be
problematic when clearing the password. Thus we replace memset with
memset_s which has a far stricter language preventing this optimisation.
---
 src/client.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/client.c b/src/client.c
index 9a68a05e..ca11d39a 100644
--- a/src/client.c
+++ b/src/client.c
@@ -1,4 +1,5 @@
 #include <fcntl.h>
+#include <string.h>
 
 #include "trilogy/client.h"
 #include "trilogy/error.h"
@@ -401,7 +402,7 @@ int trilogy_auth_switch_send(trilogy_conn_t *conn, const trilogy_handshake_t *ha
 void trilogy_auth_clear_password(trilogy_conn_t *conn)
 {
     if (conn->socket->opts.password) {
-        memset(conn->socket->opts.password, 0, conn->socket->opts.password_len);
+        memset_s(conn->socket->opts.password, conn->socket->opts.password_len, 0, conn->socket->opts.password_len);
     }
 }