Details
- Suggestion
- Resolution: Unresolved
- P4: Low
- 5.13.0 Beta 1
Description
There are quite a few places in the SSL code (especially relevant in QSslKey) where sensitive data is passed around or manipulated in a QByteArray. The memory is freed as usual by the implicit sharing mechanism through the heap manager. However, this means sensitive data can (and probably does) linger in inactive parts of memory for an unknown amount of time. The buffers should zero out or randomize the block before freeing it, so that Heartbleed-type vulnerabilities cannot leak it.
Suggestion:
Write and expose a public class for a buffer (byte array) that is suitable for holding sensitive data. As the QSsl* API allows passing the key (and/or certificates) directly from user code as a byte array, it is reasonable to expect that the user needs such a container available as well.
Related (palliative) Gerrit change here:
https://codereview.qt-project.org/#/c/257992
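The following is an added example, not code from Qt or from the Gerrit change linked above, sketching the kind of container the suggestion asks for in plain C++ (no Qt dependency, so it builds anywhere). It shows the two properties a QByteArray lacks for key material: the storage is wiped with a store the optimizer cannot drop before it is released, and the object never silently copies or reallocates itself (copying is disabled, capacity is fixed at construction), so no second copy of the key is left behind by implicit sharing or growth. The class name, the `secure_zero` helper and the sample key bytes are all constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>

// Wipe that the optimizer must not remove: every byte is stored through a
// volatile pointer, so the dead-store elimination that deletes a plain
// memset() immediately before free() does not apply. C11 memset_s, glibc
// explicit_bzero and Win32 SecureZeroMemory do the same job where available.
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

// Fixed-capacity byte container for key material (hypothetical class).
// Unlike an implicitly shared array it is not copyable, never reallocates,
// and wipes its block before handing it back to the heap.
class SecureBuffer {
public:
    explicit SecureBuffer(std::size_t capacity)
        : data_(new unsigned char[capacity]()), cap_(capacity), len_(0) {}
    ~SecureBuffer() { release(); }
    SecureBuffer(const SecureBuffer&) = delete;
    SecureBuffer& operator=(const SecureBuffer&) = delete;
    SecureBuffer(SecureBuffer&& o) noexcept
        : data_(o.data_), cap_(o.cap_), len_(o.len_) {
        o.data_ = nullptr; o.cap_ = o.len_ = 0;
    }
    SecureBuffer& operator=(SecureBuffer&& o) noexcept {
        if (this != &o) {
            release();
            data_ = o.data_; cap_ = o.cap_; len_ = o.len_;
            o.data_ = nullptr; o.cap_ = o.len_ = 0;
        }
        return *this;
    }
    // Load n bytes; the capacity is fixed so an oversize input is an error,
    // never a reallocation that would leave the old block un-wiped.
    void assign(const unsigned char* src, std::size_t n) {
        if (n > cap_) throw std::length_error("SecureBuffer: capacity exceeded");
        secure_zero(data_, cap_);   // discard previous contents first
        std::memcpy(data_, src, n);
        len_ = n;
    }
    unsigned char* data() { return data_; }
    const unsigned char* data() const { return data_; }
    std::size_t size() const { return len_; }
    std::size_t capacity() const { return cap_; }
    // Wipe in place and drop the length; the block can be reused or destroyed.
    void wipe() { if (data_) secure_zero(data_, cap_); len_ = 0; }
    // Wipe, then return the block to the heap.
    void release() { wipe(); delete[] data_; data_ = nullptr; cap_ = 0; }
private:
    unsigned char* data_;
    std::size_t cap_, len_;
};

bool all_zero(const unsigned char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (p[i] != 0) return false;
    return true;
}

// Load a constructed "private key" into the buffer, wipe it, and report whether
// any byte of the key survived in the block. Returns true when nothing is left.
bool wipe_leaves_no_residue() {
    // Constructed sample bytes, not a real key.
    static const unsigned char fake_key[] = "-----BEGIN PRIVATE KEY-----constructed";
    const std::size_t key_len = sizeof(fake_key) - 1;
    SecureBuffer buf(64);
    buf.assign(fake_key, key_len);
    bool loaded = buf.size() == key_len &&
                  std::memcmp(buf.data(), fake_key, key_len) == 0;
    buf.wipe();
    return loaded && buf.size() == 0 && all_zero(buf.data(), buf.capacity());
}

// The container refuses to grow rather than reallocating behind the caller's back.
bool rejects_oversize_input() {
    unsigned char big[32] = {0};
    SecureBuffer buf(16);
    try { buf.assign(big, sizeof big); } catch (const std::length_error&) { return true; }
    return false;
}

int main() {
    std::printf("wipe leaves no residue: %s\n", wipe_leaves_no_residue() ? "yes" : "no");
    std::printf("oversize input rejected: %s\n", rejects_oversize_input() ? "yes" : "no");
    return 0;
}
```

A container like this covers the heap-lingering problem the report describes, but not every copy: bytes that the SSL backend copies into its own structures, or that the compiler spills to the stack, are outside its reach, and the block can still be written to swap unless it is additionally locked (mlock, VirtualLock). That is why the Gerrit change is described as palliative and the class is only part of the fix.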