From: tedu Date: Sun, 10 Jul 2016 23:07:34 +0000 (+0000) Subject: zero the read buffer after copying data to user so it doesn't linger. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e7cea41db1f0a0106619ce2b35ff8797563a8c03;p=openbsd zero the read buffer after copying data to user so it doesn't linger. ok beck --- diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 153b37612f7..0e97be6728b 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.57 2015/09/12 16:10:07 doug Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -956,6 +956,7 @@ start: memcpy(buf, &(rr->data[rr->off]), n); if (!peek) { + memset(&(rr->data[rr->off]), 0, n); rr->length -= n; rr->off += n; if (rr->length == 0) { diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 153b37612f7..0e97be6728b 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.57 2015/09/12 16:10:07 doug Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.58 2016/07/10 23:07:34 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -956,6 +956,7 @@ start: memcpy(buf, &(rr->data[rr->off]), n); if (!peek) { + memset(&(rr->data[rr->off]), 0, n); rr->length -= n; rr->off += n; if (rr->length == 0) {