Re: Debian considers switching curl to use libssh instead of libssh2

Andreas Schneider via libssh2-devel Wed, 05 Jan 2022 07:05:58 -0800

On Tuesday, January 4, 2022 6:05:05 PM CET Will Cosgrove via libssh2-devel 
wrote:
> We do zero some sensitive data, but could be reviewed for completeness.


I don't know how you exactly zero sensitive data, but be aware that if you do:

memset()
free()

The optimizer will optimize away the memset(). You either use explicit_bzero() 
or protect the memset() with additional assembler code. There is also 
memset_s() or memset_secure() on some platforms.


        Andreas

-- 
Andreas Schneider                 a...@cryptomilk.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D


-- 
libssh2-devel mailing list
libssh2-devel@lists.haxx.se
https://lists.haxx.se/listinfo/libssh2-devel

Re: Debian considers switching curl to use libssh instead of libssh2

Reply via email to