From: Wouter Wijngaards Date: Thu, 31 Jan 2019 15:25:27 +0000 (+0000) Subject: - Wipe TLS session key data from memory on exit. X-Git-Tag: release-1.9.1rc1~30 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=281030d5768b962b4c319a6378bb62e645a13f63;p=thirdparty%2Funbound.git - Wipe TLS session key data from memory on exit. git-svn-id: file:///svn/unbound/trunk@5098 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 0608fb236..e4938533f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -8,6 +8,7 @@ still supports the set_id_callback previous API. And for 1.1.0 no locking callbacks are needed. - #8: Fix OpenSSL without ENGINE support compilation. + - Wipe TLS session key data from memory on exit. 30 January 2019: Ralph - Fix case in which query timeout can result in marking delegation diff --git a/util/net_help.c b/util/net_help.c index 1f62148dd..2b1be9246 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1235,6 +1235,7 @@ listen_sslctx_delete_ticket_keys(void) struct tls_session_ticket_key *key; if(!ticket_keys) return; for(key = ticket_keys; key->key_name != NULL; key++) { + memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/ free(key->key_name); } free(ticket_keys);
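Review bot: In the util/net_help.c hunk, the added memset(key->key_name, 0xdd, 80) is immediately followed by free(key->key_name), so an optimizing compiler may treat it as a dead store and remove it, leaving the ticket key bytes in the freed heap block. Use a wipe that cannot be elided, such as OpenSSL's OPENSSL_cleanse() or explicit_bzero() where the platform provides it. The literal 80 is also a magic number: it has to match the size of the buffer behind key_name, and nothing visible in listen_sslctx_delete_ticket_keys() ties the two together, so a later change to the allocation would make the wipe too short or write past the buffer. A named constant shared with the allocation site would fix that and document which fields the 80 bytes cover.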