From 5d80fab086fe8849222613e20d7cf61839f94f5f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 30 Apr 2015 14:04:30 +0100 Subject: [PATCH] Replace memset with OPENSSL_clear_free() BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_clear_free() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson --- crypto/buffer/buffer.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index 37e5484dbd..2beacce6d7 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -88,8 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); - OPENSSL_free(a->data); + OPENSSL_clear_free(a->data, a->max); } OPENSSL_free(a); } -- 2.25.1