]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8992e8c)
- Wipe TLS session key data from memory on exit.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 31 Jan 2019 15:25:27 +0000 (15:25 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 31 Jan 2019 15:25:27 +0000 (15:25 +0000)
git-svn-id: file:///svn/unbound/trunk@5098 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog patch | blob | blame | history
util/net_help.c patch | blob | blame | history

diff --git a/doc/Changelog b/doc/Changelog
index 0608fb23698ef36e1bfacf55ba13430c5cdee2bb..e4938533fec4dd51c873bdf557a61fa3e90c975c 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -8,6 +8,7 @@
          still supports the set_id_callback previous API.  And for 1.1.0
          no locking callbacks are needed.
        - #8: Fix OpenSSL without ENGINE support compilation.
+       - Wipe TLS session key data from memory on exit.
 
 30 January 2019: Ralph
        - Fix case in which query timeout can result in marking delegation
diff --git a/util/net_help.c b/util/net_help.c
index 1f62148ddc5936e7cb795d463afa8a9cd84bbf44..2b1be92460baea38d33c8e1e192fb52588734840 100644 (file)
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -1235,6 +1235,7 @@ listen_sslctx_delete_ticket_keys(void)
        struct tls_session_ticket_key *key;
        if(!ticket_keys) return;
        for(key = ticket_keys; key->key_name != NULL; key++) {
+               memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/
                free(key->key_name);
        }
        free(ticket_keys);
Mirror of https://github.com/NLnetLabs/unbound.git