upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix to wipe ssl ticket keys from memory with explicit_bzero,

Browse source 
if available.


git-svn-id: file:///svn/unbound/trunk@5153 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2019-04-08 14:42:08 +00:00
parent 32b1d900ff
commit bd3c02bd59
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -7,6 +7,8 @@
multicast DNS [RFC 6762] via Avahi. The plugin communicates multicast DNS [RFC 6762] via Avahi. The plugin communicates
with Avahi via DBus. The comment section at the beginning of with Avahi via DBus. The comment section at the beginning of
the file contains detailed documentation. the file contains detailed documentation.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
if available.
5 April 2019: Wouter 5 April 2019: Wouter
- Fix to reinit event structure for accepted TCP (and TLS) sockets. - Fix to reinit event structure for accepted TCP (and TLS) sockets.

7
util/net_help.c
View file

@ -1245,7 +1245,12 @@ listen_sslctx_delete_ticket_keys(void)
struct tls_session_ticket_key *key; struct tls_session_ticket_key *key;
if(!ticket_keys) return; if(!ticket_keys) return;
for(key = ticket_keys; key->key_name != NULL; key++) { for(key = ticket_keys; key->key_name != NULL; key++) {
memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/ /* wipe key data from memory*/
#ifdef HAVE_EXPLICIT_BZERO
explicit_bzero(key->key_name, 80);
#else
memset(key->key_name, 0xdd, 80);
#endif
free(key->key_name); free(key->key_name);
} }
free(ticket_keys); free(ticket_keys);