INIT zero out sensitive data before its freed

The iscsi_url and iscsi_context might contain clear text login credentials for an iscsi target. As Linux zeroes on allocate this data might remain in memory for a long time.
2012-11-03 02:12:46 +01:00
parent 871c56ce7a
commit a6caad107c
2 changed files with 5 additions and 1 deletions
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -331,6 +331,7 @@ try_again:
 	iscsi->frees+=old_iscsi->frees;

 	memcpy(old_iscsi, iscsi, sizeof(struct iscsi_context));
+	memset(iscsi, 0, sizeof(struct iscsi_context));
 	free(iscsi);

 	old_iscsi->is_reconnecting = 0;