Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Zero out stack-allocated secret key before return. #2661

Merged
merged 1 commit into from
Feb 9, 2024
Merged

fix: Zero out stack-allocated secret key before return. #2661

merged 1 commit into from
Feb 9, 2024

Conversation

iphydf
Copy link
Member

@iphydf iphydf commented Feb 9, 2024
edited
Loading

Issue found by iphydf (no tools for this, yet).

This change is Reviewable

@iphydf iphydf added this to the v0.2.19 milestone Feb 9, 2024
@iphydf iphydf marked this pull request as ready for review February 9, 2024 00:31
@codecov Codecov
Copy link

codecov bot commented Feb 9, 2024
edited
Loading

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (f058103) 73.77% compared to head (dab5fe4) 73.70%.

Files Patch % Lines
toxcore/group_chats.c 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2661      +/-   ##
==========================================
- Coverage   73.77%   73.70%   -0.08%     
==========================================
  Files         148      148              
  Lines       30476    30478       +2     
==========================================
- Hits        22485    22464      -21     
- Misses       7991     8014      +23

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

nurupo
nurupo approved these changes Feb 9, 2024
View reviewed changes
Copy link
Member

@nurupo nurupo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

iphydf is no tool and leaving secret keys on the stack for someone else to read them later is a bad security practice indeed 👍

Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: :shipit: complete! 1 of 1 approvals obtained

@iphydf
fix: Zero out stack-allocated secret key before return.
dab5fe4 
Issue found by iphydf (no tools for this, yet).
@iphydf iphydf merged commit dab5fe4 into TokTok:master Feb 9, 2024
59 of 61 checks passed
@iphydf iphydf deleted the memzero branch February 9, 2024 17:13
@nurupo nurupo mentioned this pull request Feb 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nurupo nurupo nurupo approved these changes

@robinlinden robinlinden robinlinden approved these changes

Assignees

@iphydf iphydf

Labels
None yet
Milestone
v0.2.19
Development

Successfully merging this pull request may close these issues.
3 participants
@iphydf @nurupo @robinlinden