From 1ee334c6f86b3e814aca1443ec7dfccdfc34ab26 Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Thu, 5 Jan 2023 10:56:26 +0100
Subject: crypto: make it easier to diagnose keys use-after-free
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type: improvement

Change-Id: Ib98eba146e24e659acf3b9a228b81fcd641f4c67
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/vnet/crypto/crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/vnet/crypto')

diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index f8926c9734a..156dab46517 100644
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -469,12 +469,12 @@ vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index)
 
   if (key->type == VNET_CRYPTO_KEY_TYPE_DATA)
     {
-      clib_memset (key->data, 0, vec_len (key->data));
+      clib_memset (key->data, 0xfe, vec_len (key->data));
       vec_free (key->data);
     }
   else if (key->type == VNET_CRYPTO_KEY_TYPE_LINK)
     {
-      key->index_crypto = key->index_integ = 0;
+      key->index_crypto = key->index_integ = ~0;
     }
 
   pool_put (cm->keys, key);
-- 
cgit 1.2.3-korg