From d30913e78c7798ec2689a0b56cb3b5fd58631eec Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Wed, 2 Jul 2025 11:16:36 +0200 Subject: [PATCH] keys: remove misleading memset() After (re)loading symmetric NTP keys from the key file, there is an attempt to erase the strings from the stack by calling memset() on the buffer. However, compilers are free (and have been shown to do) optimize this call out. Remove the memset() call to not pretend the stack cannot not contain any sensitive information. There is no such attempt made for the server and client NTS keys. Reported-by: Eric Sesterhenn --- keys.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/keys.c b/keys.c index c86685f9..944a1550 100644 --- a/keys.c +++ b/keys.c @@ -265,9 +265,6 @@ KEY_Reload(void) if (get_key(i - 1)->id == get_key(i)->id) LOG(LOGS_WARN, "Detected duplicate key %"PRIu32, get_key(i - 1)->id); } - - /* Erase any passwords from stack */ - memset(line, 0, sizeof (line)); } /* ================================================== */ -- 2.47.2
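Review bot: At the end of KEY_Reload(), removing `memset(line, 0, sizeof (line));` leaves `line` holding whatever key-file strings were last read into it when the function returns, and nothing in the code now records that this is deliberate. A short comment at the point of removal, stating that key strings are intentionally not scrubbed from the stack because a plain memset() of a dying buffer can be optimized out, would keep a later contributor from re-adding the same call. If scrubbing is still wanted, the alternative to deletion is a clear the compiler may not elide, such as explicit_bzero() where the platform provides it, or a store loop through a volatile pointer. That would need to cover the NTS key paths as well, which the commit message says make no such attempt.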