tytso / e2fsprogs

Ext2/3/4 file system utilities
http://ext4.wiki.kernel.org

Checking the source code with a static analyzer #188

Open Yugend opened 3 months ago

Yugend commented 3 months ago

Hello! I checked the source code of e2fsprogs using a static analyzer and found a couple of suspicious places. Here they are:

  1. misc/e4crypt.c, line 225. The memset() call will be deleted by the compiler in a release build and sensitive data won't be deleted.

  2. misc/badblocks.c, line 806. If I understand correctly, this loop is never executed because of num_saved=0 on line 786. It is old code, so I assume it works correctly, but it looks strange to me and I decided to mention it.

Thank you in advance for the answer, and I apologize for bothering you if I'm wrong.
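The first finding is the classic dead-store-elimination problem: a `memset()` of a stack buffer that is never read again is, from the optimiser's point of view, a store with no observable effect, so `-O2` is free to drop it and the passphrase stays in memory. The block below is an added example written for this thread, not code from e2fsprogs or from the issue author. It shows the portable fix (a wipe through a `volatile` pointer, the same effect `explicit_bzero(3)` or `memset_s()` give where available) together with a hypothetical `derive_key()` that stands in for the e4crypt pattern; the 16-byte xor-fold "KDF" and the 128-byte buffer size are constructed for the example and are not what e4crypt does.

```c
#include <stddef.h>
#include <string.h>

/* Wipes len bytes at p through a volatile-qualified pointer. Each store
 * targets a volatile object, so the compiler must emit it even though the
 * buffer is never read afterwards; a plain memset() in the same position
 * is a dead store that an optimising build may remove. explicit_bzero(3)
 * and memset_s() provide the same guarantee on platforms that have them. */
void secure_clear(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Returns 1 if all len bytes at p are zero, else 0 (single pass, no early exit). */
int is_zeroed(const unsigned char *p, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Hypothetical stand-in for the e4crypt pattern (constructed, not the real
 * code): the passphrase is copied into a local buffer, folded into a 16-byte
 * key with a toy xor "KDF", and the local copy is wiped before return.
 * Returns 0 on success, -1 if the passphrase does not fit the local buffer. */
int derive_key(const char *passphrase, unsigned char key[16])
{
    unsigned char local[128];
    size_t n = strlen(passphrase);

    if (n > sizeof(local))
        return -1;
    memcpy(local, passphrase, n);

    memset(key, 0, 16);
    for (size_t i = 0; i < n; i++)
        key[i % 16] ^= local[i];

    /* Do not write: memset(local, 0, sizeof(local));
     * 'local' is dead after this point, so the optimiser may delete that
     * call and leave the passphrase on the stack. The volatile wipe stays. */
    secure_clear(local, sizeof(local));
    return 0;
}

/* Self-check: fill a buffer with a marker, wipe it, confirm every byte is 0. */
int selftest_secure_clear(void)
{
    unsigned char buf[32];
    memset(buf, 0xAA, sizeof(buf));
    secure_clear(buf, sizeof(buf));
    return is_zeroed(buf, sizeof(buf));
}

/* Self-check for derive_key(): "ab" folds to key[0]=0x61, key[1]=0x62,
 * remaining bytes 0; an over-long passphrase is rejected with -1. */
int selftest_derive_key(void)
{
    unsigned char key[16];
    char too_long[130];

    if (derive_key("ab", key) != 0)
        return 0;
    if (key[0] != 0x61 || key[1] != 0x62 || !is_zeroed(key + 2, 14))
        return 0;

    memset(too_long, 'x', sizeof(too_long) - 1);
    too_long[sizeof(too_long) - 1] = '\0';
    return derive_key(too_long, key) == -1;
}
```

To confirm that a given build actually keeps the wipe, compile the translation unit with the project's release flags (`-O2`) and inspect the generated code (`gcc -O2 -S` or `objdump -d` on the object): the stores to the local buffer, or the `memset` call, must still appear before the function's `ret`. With a plain `memset()` on a dead buffer they typically do not.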