Source code pulled from OpenBSD for LibreSSL - this includes most of the library and supporting code. The place to contribute to this code is via the OpenBSD CVS tree. Please mail patches to tech@openbsd.org, instead of submitting pull requests, since this tree is often rebased.
When looking at this file (http://bxr.su/OpenBSD/lib/libcrypto/crypto/getentropy_linux.c), in line 510, there is a memset() to clear the results of the alternative entropy collection from a variable on the stack. If I understand this correctly, this is to make sure that if stack contents leak in another function, it is nothing sensitive. But the variable results is not accessed afterwards, so the compiler might optimize this away. Shouldn't explicit_bzero() be used here?
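The pattern the report describes, as an added example that is not code from the post or from LibreSSL: a stack buffer that is never read again after its final memset(), next to a wipe the optimizer cannot drop. The names `wipe`, `is_zero` and `collect_fallback` are hypothetical, the input is constructed, and the volatile function pointer is one common stand-in for explicit_bzero() on platforms that lack it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pointer is volatile, so it must be loaded at run time; the compiler
 * cannot prove the target is memset() and cannot elide the call. */
typedef void *(*memset_fn)(void *, int, size_t);
static volatile memset_fn memset_ptr = memset;

static void wipe(void *buf, size_t len)
{
    memset_ptr(buf, 0, len);
}

/* Returns 1 when every byte of buf is zero. */
static int is_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Hypothetical stand-in for a fallback collector: fills a stack buffer,
 * hands part of it to the caller, then clears the stack copy. */
static int collect_fallback(unsigned char *out, size_t outlen)
{
    static const unsigned char sample[] = "constructed sample, not entropy";
    unsigned char results[32];

    if (out == NULL || outlen > sizeof results)
        return -1;
    for (size_t i = 0; i < sizeof results; i++)
        results[i] = (unsigned char)(sample[i % (sizeof sample - 1)] ^ (i * 31u + 7u));
    memcpy(out, results, outlen);

    /* memset(results, 0, sizeof results) at this point would be a dead
     * store: results is never read again, so it may be optimized away. */
    wipe(results, sizeof results);
    return 0;
}

int main(void)
{
    unsigned char out[16];
    printf("collect_fallback: %d\n", collect_fallback(out, sizeof out));
    return 0;
}
```

Compiling both variants with optimization enabled and comparing the generated assembly shows whether the plain memset() call survives on a given compiler.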