[strongSwan-dev] PFKey plugin and memwipe
Jean-Francois HREN
jean-francois.hren at stormshield.eu
Fri Sep 24 10:23:30 CEST 2021
Thank you for your help.
I tested the branch and it works fine.
I have a small remark though. You pass "&request" to memwipe calls. It works but maybe "request" or "&request[0]" would be more legible.
Thank you.
De: "Tobias Brunner" <tobias at strongswan.org>
À: "jean-francois hren" <jean-francois.hren at stormshield.eu>, "dev" <dev at lists.strongswan.org>
Envoyé: Jeudi 23 Septembre 2021 15:33:43
Objet: Re: [strongSwan-dev] PFKey plugin and memwipe
Hi Jean-Francois,
> In the PFKey plugin for handling SP and SA
> (src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c), no memwipe is
> done after an SA add, query or update on the request and/or out buffers
> as it is done in the Netlink plugin
> (src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c).
> Is there any technical reason it is not done ?
No, I don't think there is. I pushed a fix to the pfkey-memwipe branch.
Regards,
Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20210924/24ffec8f/attachment.html>
More information about the Dev
mailing list