-rw-r--r-- | src/assuan-defs.h | 10 | ||||
-rw-r--r-- | src/assuan.c | 6 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/assuan-defs.h b/src/assuan-defs.h
index 68cd810..cf0015e 100644
--- a/src/assuan-defs.h
+++ b/src/assuan-defs.h
@@ -404,6 +404,16 @@ int _assuan_asprintf (char **buf, const char *fmt, ...);
 #define DIM(v) (sizeof(v)/sizeof((v)[0]))
+/* To avoid that a compiler optimizes memset calls away, these macros
+ can be used. */
+#define wipememory2(_ptr,_set,_len) do { \
+ volatile char *_vptr=(volatile char *)(_ptr); \
+ size_t _vlen=(_len); \
+ while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+ } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+
 #if HAVE_W64_SYSTEM
 # define SOCKET2HANDLE(s) ((void *)(s))
 # define HANDLE2SOCKET(h) ((uintptr_t)(h))
diff --git a/src/assuan.c b/src/assuan.c
index 5cbb86c..d4c4b56 100644
--- a/src/assuan.c
+++ b/src/assuan.c
@@ -189,7 +189,11 @@ assuan_release (assuan_context_t ctx)
 _assuan_reset (ctx);
 /* None of the members that are our responsibility requires
- deallocation. */
+ deallocation. To avoid sensitive data in the line buffers we
+ wipe them out, though. Note that we can't wipe the entire
+ context because it also has a pointer to the actual free(). */
+ wipememory (&ctx->inbound, sizeof ctx->inbound);
+ wipememory (&ctx->outbound, sizeof ctx->outbound);
 _assuan_free (ctx, ctx);
 } |
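Review bot: In `wipememory2` the `_set` argument is expanded inside the loop (`*_vptr=(_set);`), so it is evaluated once per byte, whereas `_ptr` and `_len` are captured once. An argument with side effects would therefore behave differently from the `memset` call this macro replaces. Capturing it up front with `char _vset=(_set);` and storing `*_vptr=_vset;` would make all three arguments single-evaluation. The wipe also depends on the compiler not eliding stores made through a volatile-qualified pointer to an object that is not itself volatile. The header comment could state that assumption, e.g. `/* Relies on stores through the volatile pointer not being elided. */`.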
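Review bot: The two `wipememory` calls in `assuan_release` clear only the bytes stored inline in `ctx->inbound` and `ctx->outbound`, because the length is `sizeof` of each member. Anything those members reference through a pointer, and any other context member that may have held sensitive text, is left unchanged when `_assuan_free (ctx, ctx)` runs. The member definitions are not visible in this hunk, so this should be checked against the struct. If the limited scope is intentional, the comment could say so, e.g. `/* Only the inline line buffers are wiped; memory they point to is not. */`. The body of `assuan_release` begins above the hunk, so what `_assuan_reset` has already released is not shown here.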