- Fix to wipe ssl ticket keys from memory with explicit_bzero,
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 8 Apr 2019 14:42:08 +0000 (14:42 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 8 Apr 2019 14:42:08 +0000 (14:42 +0000)
  if available.

git-svn-id: file:///svn/unbound/trunk@5153 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
util/net_help.c

index bb09fa39add1ea4548355c0117e5ddc01cbbe193..0d110b214cf55151f4d32eb2a4b6a73f75128e54 100644 (file)
@@ -7,6 +7,8 @@
          multicast DNS [RFC 6762] via Avahi.  The plugin communicates
          with Avahi via DBus. The comment section at the beginning of
          the file contains detailed documentation.
+       - Fix to wipe ssl ticket keys from memory with explicit_bzero,
+         if available.
 
 5 April 2019: Wouter
        - Fix to reinit event structure for accepted TCP (and TLS) sockets.
index a6c3fd5cccb2300838907a9251a5c80d1049c0df..13bcdf8085bff3546bd3b055ce3d57c7d9370359 100644 (file)
@@ -1245,7 +1245,12 @@ listen_sslctx_delete_ticket_keys(void)
        struct tls_session_ticket_key *key;
        if(!ticket_keys) return;
        for(key = ticket_keys; key->key_name != NULL; key++) {
-               memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/
+               /* wipe key data from memory*/
+#ifdef HAVE_EXPLICIT_BZERO
+               explicit_bzero(key->key_name, 80);
+#else
+               memset(key->key_name, 0xdd, 80);
+#endif
                free(key->key_name);
        }
        free(ticket_keys);
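Review bot: The `#else` branch still calls plain `memset(key->key_name, 0xdd, 80)` immediately before `free(key->key_name)`, and a compiler may remove that as a dead store, so builds without `HAVE_EXPLICIT_BZERO` can leave the ticket key material in freed heap memory. A fallback the optimizer cannot elide would close the gap, for example a store through a volatile pointer: `volatile unsigned char* p = (volatile unsigned char*)key->key_name; size_t i; for(i = 0; i < 80; i++) p[i] = 0;`. The literal 80 appears in both branches and the allocation is not visible in this hunk, so a shared named constant for the key buffer size would keep the wipe length tied to the allocation. The body of `listen_sslctx_delete_ticket_keys` starts above the hunk and ends below it.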