[patch] wipe secure memory after iconv failure

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 21 05:49:00 CET 2015


On Sun 2015-01-04 18:48:23 -0500, Eygene Ryabinkin wrote:
> Gentlemen, good day.
>
> Seems like recent fix for sm/minip12.c wasn't totally fine:
> it closed the double-free issue, but left the possibility
> for parts of the translated password to be left in-memory.
>
> The patch at
>   http://codelabs.ru/patches/gnupg/2015-apply-secure-wipe-after-iconv-failure.diff
> should fix that.
>
> Any thoughts on this?

if iconv can choke partway through, I think you're probably correct.
and it's probably safer to do what you're suggesting anyway.

I'm attaching the patch to this e-mail so that it can be processed
offline and it is stored in the mail archive as well.

Werner, WDYT?

        --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2015-apply-secure-wipe-after-iconv-failure.diff
Type: text/x-diff
Size: 993 bytes
Desc: not available
URL: </pipermail/attachments/20150120/888335df/attachment.diff>


More information about the Gnupg-devel mailing list