From 51deda34b3f75abb9952d0450cf7503e808dffd7 Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 17 Apr 2017 21:58:27 +0000 Subject: [PATCH] some freezero() calls --- usr.sbin/httpd/server.c | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c index 9ff532d7746..45be38f1389 100644 --- a/usr.sbin/httpd/server.c +++ b/usr.sbin/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.108 2017/03/25 17:25:34 claudio Exp $ */ +/* $OpenBSD: server.c,v 1.109 2017/04/17 21:58:27 deraadt Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter @@ -302,10 +302,8 @@ server_tls_init(struct server *srv) /* We're now done with the public/private key... */ tls_config_clear_keys(srv->srv_tls_config); - explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); - explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); - free(srv->srv_conf.tls_cert); - free(srv->srv_conf.tls_key); + freezero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); + freezero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); srv->srv_conf.tls_cert = NULL; srv->srv_conf.tls_key = NULL; srv->srv_conf.tls_cert_len = 0; @@ -418,16 +416,8 @@ serverconfig_free(struct server_config *srv_conf) free(srv_conf->tls_key_file); free(srv_conf->tls_ocsp_staple_file); free(srv_conf->tls_ocsp_staple); - - if (srv_conf->tls_cert != NULL) { - explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); - free(srv_conf->tls_cert); - } - - if (srv_conf->tls_key != NULL) { - explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); - free(srv_conf->tls_key); - } + freezero(srv_conf->tls_cert, srv_conf->tls_cert_len); + freezero(srv_conf->tls_key, srv_conf->tls_key_len); } void -- 2.20.1