More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
e1923f5b6a
commit
31bc66e4d1
25 changed files with 98 additions and 72 deletions
|
@ -2044,7 +2044,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
|
|||
_out, skip + out_len);
|
||||
}
|
||||
|
||||
os_memset(master_key, 0, master_key_len);
|
||||
forced_memzero(master_key, master_key_len);
|
||||
if (ret == 0)
|
||||
os_memcpy(out, _out + skip, out_len);
|
||||
bin_clear_free(tmp_out, skip + out_len);
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue