securely wipe secret information in pairs

diff --git a/src/include/build.h b/src/include/build.h
index ec00bbc481807132a59ee0540245d6406e5b6328..98a04de56398a90f7d2c4ae6cf559bd4f6a104c1 100644 (file)
--- a/src/include/build.h
+++ b/src/include/build.h
@@ -77,6 +77,8 @@ extern "C" {
  */
 #include <stdint.h>
 #include <stddef.h>
+
+#define __STDC_WANT_LIB_EXT1__ 1
 #include <string.h>
 
 /*

diff --git a/src/lib/util/pair.c b/src/lib/util/pair.c
index 2c52255ecc14bbb0612e732f9d836416d439df28..66b870258f09c2b40fdab7c3f027067720a7a3a2 100644 (file)
--- a/src/lib/util/pair.c
+++ b/src/lib/util/pair.c
@@ -87,7 +87,13 @@ static int _fr_pair_free(fr_pair_t *vp)
                fr_pair_list_free(&vp->vp_group);
                break;
 
+       case FR_TYPE_STRING:
+       case FR_TYPE_OCTETS:
+               if (vp->data.secret) (void) memset_s(vp->vp_ptr, vp->vp_length, 0, vp->vp_length);
+               break;
+
        default:
+               if (vp->data.secret) (void) memset_s(&vp->data, sizeof(vp->data), 0, sizeof(vp->data));
                break;
        }
 

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index 8ff187ea9f744b1bf319df797962879f8618ebc3..bfb4631685d5f83428cc719ba1886b0a6b6b0221 100644 (file)
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -3525,6 +3525,7 @@ void fr_value_box_clear_value(fr_value_box_t *data)
        switch (data->type) {
        case FR_TYPE_OCTETS:
        case FR_TYPE_STRING:
+               if (data->secret) (void) memset_s(data->datum.ptr, data->vb_length, 0, data->vb_length);
                talloc_free(data->datum.ptr);
                break;