From 1ee0b7e2a3bd44d43cbcecff2a09b1f8fc91dd64 Mon Sep 17 00:00:00 2001
From: xfnw
Date: Tue, 15 Mar 2022 22:50:12 -0400
Subject: [PATCH] attempt to always zero key in ram before exiting
---
 ratbox-respond.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/ratbox-respond.c b/ratbox-respond.c
index 1111a12..63b1b7a 100644
--- a/ratbox-respond.c
+++ b/ratbox-respond.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -35,6 +36,8 @@
 #include
 #include
+RSA *rsa = NULL;
+
 void nodumps()
 {
 struct rlimit r;
@@ -42,6 +45,12 @@ void nodumps()
 setrlimit(RLIMIT_CORE, &r);
 }
+void byebye(int sig)
+{
+ memset(rsa, 0, sizeof rsa);
+ exit(0);
+}
+
 static int called_passcb = 0;
 static int pass_cb(char *buf, int size, int rwflag, void *u)
 {
@@ -224,10 +233,17 @@ read_challenge(FILE *f)
 int
 main(int argc, char **argv)
 {
+ struct sigaction act;
+
+ act.sa_handler = byebye;
+
+ sigaction(SIGHUP, &act, 0);
+ sigaction(SIGINT, &act, 0);
+ sigaction(SIGTERM, &act, 0);
+
 nodumps();
 FILE *kfile;
- RSA *rsa = NULL;
 SHA_CTX ctx;
 unsigned char *ptr;
 unsigned char *ndata, ddata[512];
@@ -283,5 +299,5 @@ main(int argc, char **argv)
 puts((char *)ndata);
 fflush(NULL);
 }
- return 0;
+ byebye(0);
 }
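Review bot: In `byebye`, `memset(rsa, 0, sizeof rsa)` clears only a pointer's worth of bytes at the start of the RSA object, because `sizeof rsa` is the size of the `RSA *` pointer; the private key components are presumably held in separately allocated BIGNUMs that this write never reaches, so the key stays in memory. `rsa` is also still NULL if a signal arrives before the key has been loaded, in which case the handler passes NULL to `memset`. OpenSSL documents `RSA_free()` as erasing the key before releasing it, so the normal exit path in the last hunk (`byebye(0)`) would be better served by `if (rsa != NULL) RSA_free(rsa);`. Inside a signal handler neither `RSA_free()` nor `exit()` is async-signal-safe, so the handler should do as little as possible and end with `_exit()`.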
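Review bot: `struct sigaction act;` in `main` is left uninitialised apart from `sa_handler`, so the `sa_mask` and `sa_flags` passed to the three `sigaction()` calls hold indeterminate values. Declare it as `struct sigaction act = { .sa_handler = byebye };` and add `sigemptyset(&act.sa_mask);` before the first call. The body of `main` continues outside this hunk; any early `return` on an error path there would still skip `byebye`, which is worth checking given the commit's stated goal.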