From: Remi Gacogne Date: Fri, 23 Dec 2016 11:19:47 +0000 (+0100) Subject: DNSCrypt: Don't call `sodium_memzero()` right before `sodium_munlock()` X-Git-Tag: rec-4.1.0-alpha1~318^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2256635b5c0cec71f4a30f67ca088ae4e933e9c;p=thirdparty%2Fpdns.git DNSCrypt: Don't call `sodium_memzero()` right before `sodium_munlock()` The documentation states that `sodium_munlock()` will properly zero the memory before making it swappable, so we don't need to call `sodium_memzero()` ourselves. --- diff --git a/pdns/dnscrypt.cc b/pdns/dnscrypt.cc index 2e4d9ca1b3..5014e452a2 100644 --- a/pdns/dnscrypt.cc +++ b/pdns/dnscrypt.cc @@ -56,7 +56,6 @@ void DnsCryptPrivateKey::saveToFile(const std::string& keyFile) const DnsCryptPrivateKey::~DnsCryptPrivateKey() { - sodium_memzero(key, sizeof(key)); sodium_munlock(key, sizeof(key)); } @@ -67,7 +66,6 @@ DnsCryptQuery::DnsCryptQuery() DnsCryptQuery::~DnsCryptQuery() { - sodium_memzero(sharedKey, sizeof(sharedKey)); sodium_munlock(sharedKey, sizeof(sharedKey)); }
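Review bot: In `DnsCryptPrivateKey::~DnsCryptPrivateKey()`, the one remaining line, `sodium_munlock(key, sizeof(key));`, now performs the wipe of the private key implicitly, and nothing in the code says so. A short comment above it, stating that `sodium_munlock()` zeroes the buffer before making it swappable (the behaviour the commit message cites from the documentation), would keep a later reader from re-adding the `sodium_memzero()` call or from replacing this call with a plain `munlock()` and silently losing the wipe.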
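Review bot: In `DnsCryptQuery::~DnsCryptQuery()`, the `int` result of `sodium_munlock(sharedKey, sizeof(sharedKey));` is discarded, and with the explicit `sodium_memzero()` removed this call is the only place where `sharedKey` is cleared. Please confirm, for the libsodium versions the build supports, that the zeroing is done even when the unlock itself fails, and make the ignored result explicit (a `(void)` cast or a short comment) so it reads as a deliberate choice in a destructor rather than an oversight.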