keys: remove misleading memset()

After (re)loading symmetric NTP keys from the key file, there is an
attempt to erase the strings from the stack by calling memset() on the
buffer. However, compilers are free (and have been shown to do) optimize
this call out.

Remove the memset() call to not pretend the stack cannot not contain any
sensitive information. There is no such attempt made for the server and
client NTS keys.

Reported-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>

diff --git a/keys.c b/keys.c
index c86685f94260fb89ce3c8def07d0fcff4f4df2c0..944a1550330050c193cab298eec6e7f70d2bf463 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -265,9 +265,6 @@ KEY_Reload(void)
     if (get_key(i - 1)->id == get_key(i)->id)
       LOG(LOGS_WARN, "Detected duplicate key %"PRIu32, get_key(i - 1)->id);
   }
-
-  /* Erase any passwords from stack */
-  memset(line, 0, sizeof (line));
 }
 
 /* ================================================== */