http://www.viva64.com/en/b/0178/
OPENSSL_cleanse is being called with pointer size instead of the buffer size in
some places.
For example crypto/des/des.c:
void doencryption(void)
...
static unsigned char *buf=NULL,*obuf=NULL;
...
OPENSSL_cleanse(buf,sizeof(buf));
OPENSSL_cleanse(obuf,sizeof(obuf));
This is leaving memory uncleared.
--
Kees Cook @outflux.net
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
