From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 11 Sep 2019 13:31:03 +0000 (+0200)
Subject: - Use explicit bzero for wiping clear buffer of hash in cachedb,
X-Git-Tag: release-1.9.6rc1~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13d96540de32c7c3016146496b3be0b9619528bb;p=thirdparty%2Funbound.git

- Use explicit bzero for wiping clear buffer of hash in cachedb,
  reported by Eric Sesterhenn from X41 D-Sec.
---

diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c
index 08389a432..92217db3d 100644
--- a/cachedb/cachedb.c
+++ b/cachedb/cachedb.c
@@ -349,7 +349,11 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len)
 	
 	/* hash the buffer */
 	secalgo_hash_sha256(clear, clen, hash);
+#ifdef HAVE_EXPLICIT_BZERO
+	explicit_bzero(clear, clen);
+#else
 	memset(clear, 0, clen);
+#endif
 
 	/* hex encode output for portability (some online dbs need
 	 * no nulls, no control characters, and so on) */
diff --git a/doc/Changelog b/doc/Changelog
index 19d4e2d8d..8fac8f128 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+11 September 2019: Wouter
+	- Use explicit bzero for wiping clear buffer of hash in cachedb,
+	  reported by Eric Sesterhenn from X41 D-Sec.
+
 9 September 2019: Wouter
 	- Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
 	  LOG_DAEMON (as before) can set the syslog facility that the server