Remove memset()s that were added for the memory sanitizer

It does not support third party libraries correctly (openssl, zlib) and has been disabled.
nih-at · Oct 10, 2023 · 9c8b9e4 · 9c8b9e4
1 parent 0aa45d4
commit 9c8b9e4
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 12 deletions.
diff --git a/lib/zip_crypto_openssl.c b/lib/zip_crypto_openssl.c
@@ -127,9 +127,6 @@ _zip_crypto_aes_free(_zip_crypto_aes_t *aes) {
 bool
 _zip_crypto_aes_encrypt_block(_zip_crypto_aes_t *aes, const zip_uint8_t *in, zip_uint8_t *out) {
     int len = 0;
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       _zip_winzip_aes_new() will overwrite the same bytes */
-    memset(out, 0xff, ZIP_CRYPTO_AES_BLOCK_LENGTH);
     if (EVP_EncryptUpdate(aes, out, &len, in, ZIP_CRYPTO_AES_BLOCK_LENGTH) != 1
         || len != ZIP_CRYPTO_AES_BLOCK_LENGTH) {
         return false;
@@ -217,9 +214,6 @@ _zip_crypto_hmac_free(_zip_crypto_hmac_t *hmac) {
 
 bool
 _zip_crypto_hmac_output(_zip_crypto_hmac_t *hmac, zip_uint8_t *data) {
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       _zip_winzip_aes_new() will overwrite the same bytes */
-    memset(data, 0xff, ZIP_CRYPTO_SHA1_LENGTH);
 #ifdef USE_OPENSSL_3_API
     size_t length = 0;
     return EVP_MAC_final(hmac->ctx, data, &length, ZIP_CRYPTO_SHA1_LENGTH) == 1 && length == ZIP_CRYPTO_SHA1_LENGTH;

diff --git a/lib/zip_source_winzip_aes_encode.c b/lib/zip_source_winzip_aes_encode.c
@@ -83,17 +83,11 @@ zip_source_winzip_aes_encode(zip_t *za, zip_source_t *src, zip_uint16_t encrypti
 static int
 encrypt_header(zip_source_t *src, struct winzip_aes *ctx) {
     zip_uint16_t salt_length = SALT_LENGTH(ctx->encryption_method);
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       zip_secure_random() will overwrite the same bytes */
-    memset(ctx->data, 0xff, salt_length);
     if (!zip_secure_random(ctx->data, salt_length)) {
         zip_error_set(&ctx->error, ZIP_ER_INTERNAL, 0);
         return -1;
     }
 
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       _zip_winzip_aes_new() will overwrite the same bytes */
-    memset(ctx->data + salt_length, 0xff, WINZIP_AES_PASSWORD_VERIFY_LENGTH);
     if ((ctx->aes_ctx = _zip_winzip_aes_new((zip_uint8_t *)ctx->password, strlen(ctx->password), ctx->data, ctx->encryption_method, ctx->data + salt_length, &ctx->error)) == NULL) {
         return -1;
     }