
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 116599
Status: new
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: nanis [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: memset calls to zero memory can be optimized away
Date: Sun, 31 Jul 2016 08:14:12 -0400
To: bug-Net-SSLeay [...] rt.cpan.org
From: "A. Sinan Unur" <nanis [...] cpan.org>
See

https://cwe.mitre.org/data/definitions/14.html

http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html

http://www.daemonology.net/blog/2014-09-05-erratum.html

C11 provides memset_s which may not be available on a lot of platforms. VC provides SecureZeroMemory (see <https://msdn.microsoft.com/en-us/library/windows/desktop/aa366877(v=vs.85).aspx>).

OpenSSL provides a function OPENSSL_cleanse (see <https://www.openssl.org/docs/manmaster/crypto/OPENSSL_malloc.html>) among others. A search of the OpenSSL repo shows OPENSSL_cleanse is used throughout the source.

    C:\Users\sinan\.cpanm\work\1469964982.3552\Net-SSLeay-1.76> findstr /ns memset *.xs
    SSLeay.xs:1315: memset(key_name, 0, sizeof(key_name));
    SSLeay.xs:1320: memset(new_name, 0, sizeof(new_name));
    SSLeay.xs:1367: memset(&t,0,sizeof(t));
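
Added example, not part of the ticket and not Net-SSLeay code: a zeroing wrapper that picks between the options the report lists (SecureZeroMemory, memset_s) and otherwise falls back to stores through a volatile pointer. The names secure_zero and wipe_demo, the buffer size and the sample bytes are assumptions made for the illustration; code that already links OpenSSL could call OPENSSL_cleanse instead.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for memset_s where the libc has Annex K */
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* secure_zero() is a hypothetical helper name, not a Net-SSLeay function. */
void secure_zero(void *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return;
#if defined(_WIN32)
    SecureZeroMemory(buf, len);
#elif defined(__STDC_LIB_EXT1__)
    (void)memset_s(buf, len, 0, len);
#else
    /* Fallback: store through a volatile-qualified pointer; compilers in
     * practice treat each store as observable and do not drop it. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
#endif
}

/* Shape of the pattern the ticket flags: a local buffer is cleared right
 * before it goes out of scope. Returns the number of non-zero bytes left
 * after clearing (0 means the buffer was fully wiped). */
size_t wipe_demo(void)
{
    unsigned char key_name[16];          /* size is constructed for this demo */
    size_t i, left = 0;

    for (i = 0; i < sizeof(key_name); i++)
        key_name[i] = (unsigned char)(0xA0 + i);   /* constructed sample bytes */

    /* A plain memset(key_name, 0, sizeof(key_name)) here is a dead store
     * that an optimizer is allowed to remove (CWE-14). */
    secure_zero(key_name, sizeof(key_name));

    for (i = 0; i < sizeof(key_name); i++)
        left += (((volatile unsigned char *)key_name)[i] != 0);
    return left;
}
```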

