- Use explicit bzero for wiping clear buffer of hash in cachedb,

reported by Eric Sesterhenn from X41 D-Sec.
2025-12-20 23:00:56 -05:00 · 2019-09-11 15:31:03 +02:00 · 2019-09-11 15:31:03 +02:00 · 13d96540de
commit 13d96540de
parent e45e9f1ce0
2 changed files with 8 additions and 0 deletions
--- a/cachedb/cachedb.c
+++ b/cachedb/cachedb.c
@ -349,7 +349,11 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len)
 	
 	/* hash the buffer */
 	secalgo_hash_sha256(clear, clen, hash);
+#ifdef HAVE_EXPLICIT_BZERO
+	explicit_bzero(clear, clen);
+#else
 	memset(clear, 0, clen);
+#endif

 	/* hex encode output for portability (some online dbs need
 	 * no nulls, no control characters, and so on) */
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,7 @@
+11 September 2019: Wouter
+	- Use explicit bzero for wiping clear buffer of hash in cachedb,
+	  reported by Eric Sesterhenn from X41 D-Sec.
+
 9 September 2019: Wouter
 	- Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
 	  LOG_DAEMON (as before) can set the syslog facility that the server