From f9ea9dbc4b598e4da9e074f60d54815122e8a7cd Mon Sep 17 00:00:00 2001 From: reyk Date: Tue, 6 May 2014 11:11:14 +0000 Subject: [PATCH] Explicitly zero out the ibufs before releasing the memory to make sure that included crypto parameters are cleaned. ok mikeb@ markus@ --- sbin/iked/imsg_util.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sbin/iked/imsg_util.c b/sbin/iked/imsg_util.c index ef86d3c8658..f88321757b2 100644 --- a/sbin/iked/imsg_util.c +++ b/sbin/iked/imsg_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: imsg_util.c,v 1.8 2013/10/24 02:55:50 deraadt Exp $ */ +/* $OpenBSD: imsg_util.c,v 1.9 2014/05/06 11:11:14 reyk Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -45,7 +45,7 @@ ibuf_cat(struct ibuf *dst, struct ibuf *src) void ibuf_zero(struct ibuf *buf) { - memset(buf->buf, 0, buf->wpos); + explicit_bzero(buf->buf, buf->wpos); } struct ibuf * @@ -103,8 +103,10 @@ ibuf_release(struct ibuf *buf) { if (buf == NULL) return; - if (buf->buf != NULL) + if (buf->buf != NULL) { + ibuf_zero(buf); free(buf->buf); + } free(buf); } -- 2.20.1