Opened 8 years ago
Closed 8 years ago
#751 closed Bug / Defect (fixed)
When erasing secrets, use a memset() that's not optimized away
Reported by: | Steffan Karger | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | beta 2.4 |
Component: | Crypto | Version: | OpenVPN 2.3.12 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | hardening constant-time |
Cc: |
Description
We have a number of memset calls like this in the code:
ret = true; exit: CLEAR (key2); return ret;
Where CLEAR(x)
does a memset(x, 0, sizeof(x))
. Modern compilers will detect that x
is never read afterwards, and optimize away the memset(x)
call. In the cases where we want to erase secrets, replace the memset()
calls with something that won't be optimized away (which is not sufficient, I know, but at least makes bugs like hardbleed a little harder to exploit).
Hints: use memset_s()
, and provide our own implementation if it is not available.
Change History (2)
comment:2 Changed 8 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in commit 009521ac8ae613084b23b9e3e5dc4ebeccd4c6c8.
Note: See
TracTickets for help on using
tickets.