> On Nov 17, 2017, at 3:07 PM, Stuart Henderson <[email protected]> wrote: > > On 2017/11/17 21:55, Jeremie Courreges-Anglas wrote: >> On Sat, Nov 11 2017, Scott Cheloha <[email protected]> wrote: >>> Hi, >>> >>> You want explicit_bzero(3) for these buffers. >>> >>> Zeroing a buffer is compiler- and system-dependent, so I added a >>> new macro. >> >> I have committed the fixed version, with the macro.
Thanks! Sorry about the quoted-printable garbage, working on setting up a real mail client for patches asap. >>> I'll send a pull request upstream if this goes in. >> >> Well, pppd from base seems a bit away from "upstream", or am I missing >> something? > > Sadly, upstream removed a lot of their OS support some years ago. Although base pppd has drifted and upstream's OS support has dwindled, my impression from reading the source code is that the intent was to clear the sensitive buffers, so perhaps Mackerras will accept the patch and then individual downstreams can, at their leisure, substitute a preferred compiler-proof buffer-clearing function in for the EXPLICIT_BZERO macro. Worth a shot, was all I was thinking. -- Scott Cheloha
