- Use explicit bzero for wiping clear buffer of hash in cachedb,

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 11 Sep 2019 13:31:03 +0000 (15:31 +0200)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Wed, 11 Sep 2019 13:31:03 +0000 (15:31 +0200)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 11 Sep 2019 13:31:03 +0000 (15:31 +0200)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 11 Sep 2019 13:31:03 +0000 (15:31 +0200)
diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c

index 08389a4323d488ec8a5eaf6c1ceddbda2709fd1a..92217db3db156d9e60e265c9f037773c496f2b22 100644 (file)
--- a/cachedb/cachedb.c
+++ b/cachedb/cachedb.c
@@ -349,7 +349,11 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len)
         
         /* hash the buffer */
         secalgo_hash_sha256(clear, clen, hash);
+#ifdef HAVE_EXPLICIT_BZERO
+       explicit_bzero(clear, clen);
+#else
         memset(clear, 0, clen);
+#endif
  
         /* hex encode output for portability (some online dbs need
          * no nulls, no control characters, and so on) */
diff --git a/doc/Changelog b/doc/Changelog

index 19d4e2d8d400747340df9671683a71aa5f040c35..8fac8f128fa985cffc9cf8b8ca508888a458647c 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+11 September 2019: Wouter
+       - Use explicit bzero for wiping clear buffer of hash in cachedb,
+         reported by Eric Sesterhenn from X41 D-Sec.
+
  9 September 2019: Wouter
         - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
           LOG_DAEMON (as before) can set the syslog facility that the server
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 11 Sep 2019 13:31:03 +0000 (15:31 +0200)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Wed, 11 Sep 2019 13:31:03 +0000 (15:31 +0200)
cachedb/cachedb.c		patch \| blob \| blame \| history
doc/Changelog		patch \| blob \| blame \| history