From: Miroslav Lichvar
Date: Wed, 2 Jul 2025 09:16:36 +0000 (+0200)
Subject: keys: remove misleading memset()
X-Git-Tag: 4.8-pre1~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d30913e78c7798ec2689a0b56cb3b5fd58631eec;p=thirdparty%2Fchrony.git

keys: remove misleading memset()

After (re)loading symmetric NTP keys from the key file, there is an
attempt to erase the strings from the stack by calling memset() on the
buffer. However, compilers are free to (and have been shown to) optimize
this call out.

Remove the memset() call to not pretend the stack cannot contain any
sensitive information. There is no such attempt made for the server and
client NTS keys.

Reported-by: Eric Sesterhenn
---
diff --git a/keys.c b/keys.c index c86685f9..944a1550 100644 --- a/keys.c +++ b/keys.c @@ -265,9 +265,6 @@ KEY_Reload(void) if (get_key(i - 1)->id == get_key(i)->id) LOG(LOGS_WARN, "Detected duplicate key %"PRIu32, get_key(i - 1)->id); } - - /* Erase any passwords from stack */ - memset(line, 0, sizeof (line)); } /* ================================================== */
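
Review bot: at the end of KEY_Reload(), dropping memset(line, 0, sizeof (line)) with nothing in its place means the function now returns with no record in the code that the line buffer may still hold key-file text. If scrubbing is still wanted, the same spot could use a wipe the compiler is not allowed to elide, such as explicit_bzero() on platforms that provide it. If scrubbing is being abandoned on purpose, as the commit message says, a one-line comment here noting that key strings can remain on the stack would stop a later contributor from re-adding a plain memset() and restoring the false sense of safety.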