This reduces the chances of passwords and other secrets lying around in
memory when we're done. Arguably if anyone can just read memory of the
VPN client while it's running, the game is already lost... but still,
this is easy enough to do, and it's been reported as CVE-2018-20319.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
if (!buf)
return;
- buf->pos = 0;
if (buf->data)
- buf->data[0] = 0;
+ memset(buf->data, 0, buf->pos);
+
+ buf->pos = 0;
}
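Review bot: In buf_truncate, replacing `buf->data[0] = 0;` with `memset(buf->data, 0, buf->pos);` means nothing is written when buf->pos is 0, so data[0] is no longer forced to NUL as it was before. If any caller can reach this with an allocated but empty buffer and then reads buf->data as a C string, keep the explicit terminator after the memset, or confirm that data[0] is always zero in that state. The memset also covers only the first buf->pos bytes, so it is worth a short comment stating that the clear is there to wipe secrets and that bytes beyond pos are assumed never to have held any.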
int buf_ensure_space(struct oc_text_buf *buf, int len)
int error = buf_error(buf);
if (buf) {
+ buf_truncate(buf);
if (buf->data)
free(buf->data);
free(buf);
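Review bot: The `buf_truncate(buf);` call added directly before `free(buf->data);` depends on a plain memset whose result is never read again, so a compiler that inlines buf_truncate may treat the store as dead and drop it, leaving the secret in the freed block. Since the point of the change is to wipe memory, consider clearing with a primitive the optimiser must keep (explicit_bzero or memset_s where available, or a store through a volatile pointer) at least on this free path. A one-line comment at the call saying it exists to scrub the contents before free would also help future readers.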