[patch] wipe secure memory after iconv failure
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 21 05:49:00 CET 2015
On Sun 2015-01-04 18:48:23 -0500, Eygene Ryabinkin wrote:
> Gentlemen, good day.
> Seems like recent fix for sm/minip12.c wasn't totally fine:
> it closed the double-free issue, but left the possibility
> for parts of the translated password to be left in-memory.
> The patch at
> should fix that.
> Any thoughts on this?
if iconv can choke partway through, I think you're probably correct.
and it's probably safer to do what you're suggesting anyway.
I'm attaching the patch to this e-mail so that it can be processed
offline and it is stored in the mail archive as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 993 bytes
Desc: not available
More information about the Gnupg-devel