From bd3c02bd59922626b6a4bfff4600b7786d9382e4 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 8 Apr 2019 14:42:08 +0000 Subject: [PATCH] - Fix to wipe ssl ticket keys from memory with explicit_bzero, if available. git-svn-id: file:///svn/unbound/trunk@5153 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog | 2 ++ util/net_help.c | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/doc/Changelog b/doc/Changelog
index bb09fa39a..0d110b214 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,8 @@ multicast DNS [RFC 6762] via Avahi. The plugin communicates with Avahi via DBus. The comment section at the beginning of the file contains detailed documentation. + - Fix to wipe ssl ticket keys from memory with explicit_bzero, + if available. 5 April 2019: Wouter - Fix to reinit event structure for accepted TCP (and TLS) sockets.
diff --git a/util/net_help.c b/util/net_help.c
index a6c3fd5cc..13bcdf808 100644
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -1245,7 +1245,12 @@ listen_sslctx_delete_ticket_keys(void)
 struct tls_session_ticket_key *key;
 if(!ticket_keys) return;
 for(key = ticket_keys; key->key_name != NULL; key++) {
- memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/
+ /* wipe key data from memory*/
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(key->key_name, 80);
+#else
+ memset(key->key_name, 0xdd, 80);
+#endif
 free(key->key_name);
 }
 free(ticket_keys);
-- 2.47.3
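Review bot: The `#else` branch in util/net_help.c still relies on `memset(key->key_name, 0xdd, 80);` directly before `free(key->key_name)`, which is a dead store an optimizing compiler is allowed to remove, so builds without `explicit_bzero` may leave the ticket keys in freed heap memory. A fallback that cannot be elided would write through a volatile pointer inside its own block, e.g. `volatile unsigned char *p = (volatile unsigned char *)key->key_name; size_t i; for(i = 0; i < 80; i++) p[i] = 0;`. The length 80 now appears in both branches, so a named constant shared with wherever the buffer is allocated would keep the wipe length and the allocation size in step. The patch touches only this file and the Changelog, so `HAVE_EXPLICIT_BZERO` presumably comes from an existing configure check; worth confirming it is actually defined, since otherwise the code silently takes the `memset` path. The body of `listen_sslctx_delete_ticket_keys` begins and ends outside the hunk.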