security: zero out buffers from pool before reusing them

2025-12-06 03:05:29 -05:00 · 2023-08-09 16:05:36 -04:00 · 2023-08-09 16:05:36 -04:00 · 18780db853
commit 18780db853
parent 925a503604
3 changed files with 9 additions and 1 deletions
--- a/src/Tiny_httpd_buf.ml
+++ b/src/Tiny_httpd_buf.ml
@ -16,6 +16,10 @@ let clear self : unit =
    self.bytes <- self.original;
  self.i <- 0

+let clear_and_zero self =
+  clear self;
+  Bytes.fill self.bytes 0 (Bytes.length self.bytes) '\x00'
+
 let resize self new_size : unit =
  let new_buf = Bytes.make new_size ' ' in
  Bytes.blit self.bytes 0 new_buf 0 self.i;
--- a/src/Tiny_httpd_buf.mli
+++ b/src/Tiny_httpd_buf.mli
@ -13,6 +13,10 @@ val clear : t -> unit
 val create : ?size:int -> unit -> t
 val contents : t -> string

+val clear_and_zero : t -> unit
+(** Clear the buffer and zero out its storage.
+    @since NEXT_RELEASE *)
+
 val bytes_slice : t -> bytes
 (** Access underlying slice of bytes.
    @since 0.5 *)
--- a/src/Tiny_httpd_server.ml
+++ b/src/Tiny_httpd_server.ml
@ -847,7 +847,7 @@ let create_from ?(buf_size = 16 * 1_024) ?(middlewares = []) ~backend () : t =
      middlewares = [];
      middlewares_sorted = lazy [];
      buf_pool =
-        Pool.create ~clear:Buf.clear
+        Pool.create ~clear:Buf.clear_and_zero
          ~mk_item:(fun () -> Buf.create ~size:buf_size ())
          ();
    }