Debian considers switching curl to use libssh instead of libssh2
Andreas Schneider
asn at cryptomilk.org
Wed Jan 5 16:05:44 CET 2022
On Tuesday, January 4, 2022 6:05:05 PM CET Will Cosgrove via libssh2-devel
wrote:
> We do zero some sensitive data, but could be reviewed for completeness.
I don't know how you exactly zero sensitive data, but be aware that if you do:
memset()
free()
The optimizer will optimize away the memset(). You either use explicit_bzero()
or protect the memset() with additional assembler code. There is also
memset_s() or memset_secure() on some platforms.
Andreas
--
Andreas Schneider asn at cryptomilk.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the libssh2-devel
mailing list