Skip to content

fix: Zero out stack-allocated secret key before return.#2661

Merged
iphydf merged 1 commit intoTokTok:masterfrom
iphydf:memzero
Feb 9, 2024
Merged

fix: Zero out stack-allocated secret key before return.#2661
iphydf merged 1 commit intoTokTok:masterfrom
iphydf:memzero

Conversation

@iphydf
Copy link
Copy Markdown
Member

@iphydf iphydf commented Feb 9, 2024
edited
Loading

Issue found by iphydf (no tools for this, yet).

This change is Reviewable

@iphydf iphydf added this to the v0.2.19 milestone Feb 9, 2024
@iphydf iphydf marked this pull request as ready for review February 9, 2024 00:31
@codecov
Copy link
Copy Markdown

codecov bot commented Feb 9, 2024
edited
Loading

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (f058103) 73.77% compared to head (dab5fe4) 73.70%.

Files Patch % Lines
toxcore/group_chats.c 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2661      +/-   ##
==========================================
- Coverage   73.77%   73.70%   -0.08%     
==========================================
  Files         148      148              
  Lines       30476    30478       +2     
==========================================
- Hits        22485    22464      -21     
- Misses       7991     8014      +23

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

nurupo
nurupo approved these changes Feb 9, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@nurupo nurupo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

iphydf is no tool and leaving secret keys on the stack for someone else to read them later is a bad security practice indeed 👍

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: :shipit: complete! 1 of 1 approvals obtained

@iphydf
fix: Zero out stack-allocated secret key before return.
dab5fe4 
Issue found by iphydf (no tools for this, yet).
@iphydf iphydf merged commit dab5fe4 into TokTok:master Feb 9, 2024
@iphydf iphydf deleted the memzero branch February 9, 2024 17:13
@nurupo nurupo mentioned this pull request Feb 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nurupo nurupo nurupo approved these changes

@robinlinden robinlinden robinlinden approved these changes

Assignees

@iphydf iphydf

Labels

None yet

Milestone

v0.2.19

Development

Successfully merging this pull request may close these issues.

3 participants

@iphydf @nurupo @robinlinden