[Mono-bugs] [Bug 82819][Cos] New - Context.ClearKeyInfo doesn't zero-out secret keys

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Sep 12 09:58:32 EDT 2007

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by pieter at mentalis.org.


--- shadow/82819	2007-09-12 09:58:32.000000000 -0400
+++ shadow/82819.tmp.23234	2007-09-12 09:58:32.000000000 -0400
@@ -0,0 +1,27 @@
+Bug#: 82819
+Product: Mono: Class Libraries
+Version: 1.2
+OS Details: 
+Status: NEW   
+Priority: Cosmetic
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com                            
+ReportedBy: pieter at mentalis.org               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+Summary: Context.ClearKeyInfo doesn't zero-out secret keys
+This could be considered not to be a bug by some, but the the 
+ClearKeyInfo method of the Mono.Security.Protocol.Tls.Context class 
+doesn't zero out the secret key information, leaving the keys in memory. 
+I would erase secret data from memory as soon as possible, which means 
+adding code like this before setting the buffers to null:
+if (this.clientWriteKey != null)
+  Array.Clear(this.clientWriteKey, 0, this.clientWriteKey.Length);

More information about the mono-bugs mailing list