Commit 23cd01ef authored by Matt Caswell

Replace memset with OPENSSL_cleanse()



BUF_MEM_free() attempts to cleanse memory using memset immediately prior
to a free. This is at risk of being optimised away by the compiler, so
replace with a call to OPENSSL_cleanse() instead.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <steve@openssl.org>
parent dcad51bc
+1 −1
@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
        return;

    if (a->data != NULL) {
        memset(a->data, 0, (unsigned int)a->max);
        OPENSSL_cleanse(a->data, a->max);
        OPENSSL_free(a->data);
    }
    OPENSSL_free(a);
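
Review bot: The new OPENSSL_cleanse(a->data, a->max) call drops the (unsigned int) cast that the memset call applied to a->max, so please confirm that a->max already has the type of OPENSSL_cleanse()'s length parameter (size_t) and that no implicit narrowing or sign conversion remains at this call. Clearing a->max bytes rather than only the used length is the right extent, since it covers the whole allocation that is about to be freed. Consider a one-line comment above the call noting that a memset directly before OPENSSL_free() can be eliminated by the compiler as a dead store, so that a later cleanup does not switch it back.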