On Tue, Jul 05, 2011, Miod Vallat wrote:
>> found by jsg.
>>
>> Index: lib/isc/hmacsha.c
>> ===================================================================
>> RCS file: /home/tedu/cvs/src/usr.sbin/bind/lib/isc/hmacsha.c,v
>> retrieving revision 1.1.1.1
>> diff -u -p -r1.1.1.1 hmacsha.c
>> --- lib/isc/hmacsha.c        9 Dec 2007 12:34:04 -0000       1.1.1.1
>> +++ lib/isc/hmacsha.c        5 Jul 2011 18:43:15 -0000
>> @@ -65,7 +65,7 @@ void
>>  isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
>>      isc_sha1_invalidate(&ctx->sha1ctx);
>>      memset(ctx->key, 0, sizeof(ctx->key));
>> -    memset(ctx, 0, sizeof(ctx));
>> +    memset(ctx, 0, sizeof(*ctx));
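Review bot: the context line `memset(ctx->key, 0, sizeof(ctx->key));` directly above the changed line becomes redundant once `memset(ctx, 0, sizeof(*ctx));` clears the whole structure, `key` included. Either drop it or add a comment saying it is kept on purpose. Both calls are wipe-only stores at the end of the function, so also check that the compiler does not elide them as dead stores. A clearing routine that is guaranteed not to be optimized away would make the intent explicit.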
> 
> Then what purpose is there to keep ctx->key memset before?

obviously because the really secret bits need to be really erased. :)

that's a good catch.
