[Mono-bugs] [Bug 82819][Cos] New - Context.ClearKeyInfo doesn't zero-out secret keys
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Wed Sep 12 09:58:32 EDT 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by pieter at mentalis.org.
http://bugzilla.ximian.com/show_bug.cgi?id=82819
--- shadow/82819 2007-09-12 09:58:32.000000000 -0400
+++ shadow/82819.tmp.23234 2007-09-12 09:58:32.000000000 -0400
@@ -0,0 +1,27 @@
+Bug#: 82819
+Product: Mono: Class Libraries
+Version: 1.2
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Cosmetic
+Component: Mono.Security
+AssignedTo: sebastien at ximian.com
+ReportedBy: pieter at mentalis.org
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: Context.ClearKeyInfo doesn't zero-out secret keys
+
+This could be considered not to be a bug by some, but the the
+ClearKeyInfo method of the Mono.Security.Protocol.Tls.Context class
+doesn't zero out the secret key information, leaving the keys in memory.
+
+I would erase secret data from memory as soon as possible, which means
+adding code like this before setting the buffers to null:
+
+if (this.clientWriteKey != null)
+ Array.Clear(this.clientWriteKey, 0, this.clientWriteKey.Length);
More information about the mono-bugs
mailing list