DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 15:55:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

keys: remove misleading memset()

Browse Source 
After (re)loading symmetric NTP keys from the key file, there is an
attempt to erase the strings from the stack by calling memset() on the
buffer. However, compilers are free (and have been shown to do) optimize
this call out.

Remove the memset() call to not pretend the stack cannot not contain any
sensitive information. There is no such attempt made for the server and
client NTS keys.

Reported-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
This commit is contained in:
Miroslav Lichvar
2025-07-02 11:16:36 +02:00
parent c5d3be8cc4
commit d30913e78c
1 changed files with 0 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
keys.c
View File

@@ -265,9 +265,6 @@ KEY_Reload(void)
if (get_key(i - 1)->id == get_key(i)->id) if (get_key(i - 1)->id == get_key(i)->id)
LOG(LOGS_WARN, "Detected duplicate key %"PRIu32, get_key(i - 1)->id); LOG(LOGS_WARN, "Detected duplicate key %"PRIu32, get_key(i - 1)->id);
} }
/* Erase any passwords from stack */
memset(line, 0, sizeof (line));
} }
/* ================================================== */ /* ================================================== */