[openssl.org #2910] OPENSSL_cleanse called with wrong size

Kees Cook via RT Thu, 08 Nov 2012 03:58:32 -0800

http://www.viva64.com/en/b/0178/


OPENSSL_cleanse is being called with pointer size instead of the buffer size in 
some places.
For example crypto/des/des.c:

void doencryption(void)
...
        static unsigned char *buf=NULL,*obuf=NULL;
...
        OPENSSL_cleanse(buf,sizeof(buf));
        OPENSSL_cleanse(obuf,sizeof(obuf));

This is leaving memory uncleared.

-- 
Kees Cook                                            @outflux.net

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

[openssl.org #2910] OPENSSL_cleanse called with wrong size

Reply via email to