Replace memset with OPENSSL_clear_free()

BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_clear_free() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-30 15:04:30 +0200
committer: Matt Caswell <matt@openssl.org> 2015-06-10 11:09:57 +0200
commit: 5d80fab086fe8849222613e20d7cf61839f94f5f (patch)
tree: 7b1e769100a70cee5dd63c9bef8a5eda0ec679f0 /crypto/buffer
parent: Make sure test/gost2814789test.c can see configuration macros (diff)
download: openssl-5d80fab086fe8849222613e20d7cf61839f94f5f.tar.xz
openssl-5d80fab086fe8849222613e20d7cf61839f94f5f.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index 37e5484dbd..2beacce6d7 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -88,8 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
         return;
 
     if (a->data != NULL) {
-        memset(a->data, 0, (unsigned int)a->max);
-        OPENSSL_free(a->data);
+        OPENSSL_clear_free(a->data, a->max);
     }
     OPENSSL_free(a);
 }
author	Matt Caswell <matt@openssl.org>	2015-04-30 15:04:30 +0200
committer	Matt Caswell <matt@openssl.org>	2015-06-10 11:09:57 +0200
commit	5d80fab086fe8849222613e20d7cf61839f94f5f (patch)
tree	7b1e769100a70cee5dd63c9bef8a5eda0ec679f0 /crypto/buffer
parent	Make sure test/gost2814789test.c can see configuration macros (diff)
download	openssl-5d80fab086fe8849222613e20d7cf61839f94f5f.tar.xz openssl-5d80fab086fe8849222613e20d7cf61839f94f5f.zip