about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2021-07-04 13:35:07 -0400
committerJune McEnroe <june@causal.agency>2021-07-04 19:46:01 -0400
commit871df6b47e9d31a7e5c38541730ac5c4a85f6931 (patch)
tree2f3b568b1513296742ffc41cfe1e06345d38031d
parentAttempt to keep "security" in README accurate (diff)
downloadcatgirl-871df6b47e9d31a7e5c38541730ac5c4a85f6931.tar.gz
catgirl-871df6b47e9d31a7e5c38541730ac5c4a85f6931.zip
Clear private key data after handshake
Alternative to a patch by Klemens Nanni creating an ircHandshake()
function to explicitly handshake and clear key data.
Diffstat (limited to '')
-rw-r--r--irc.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/irc.c b/irc.c
index 5f14c9e..8856030 100644
--- a/irc.c
+++ b/irc.c
@@ -43,12 +43,13 @@
 
 #include "chat.h"
 
-struct tls *client;
+static struct tls_config *config;
+static struct tls *client;
 
 void ircConfig(
 	bool insecure, const char *trust, const char *cert, const char *priv
 ) {
-	struct tls_config *config = tls_config_new();
+	config = tls_config_new();
 	if (!config) errx(EX_SOFTWARE, "tls_config_new");
 
 	int error;
@@ -103,7 +104,6 @@ void ircConfig(
 
 	error = tls_configure(client, config);
 	if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(client));
-	tls_config_free(config);
 }
 
 int ircConnect(const char *bindHost, const char *host, const char *port) {
@@ -201,6 +201,14 @@ void ircSend(const char *ptr, size_t len) {
 		ptr += ret;
 		len -= ret;
 	}
+
+	// Private key data isn't needed anymore after the first write causes the
+	// handshake, but client will keep a reference to config.
+	if (config) {
+		tls_config_clear_keys(config);
+		tls_config_free(config);
+		config = NULL;
+	}
 }
 
 void ircFormat(const char *format, ...) {