From b44cd9e710c0bf0c1d1dfceef5ba883a4eebe98f Mon Sep 17 00:00:00 2001
From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
Date: Sun, 24 Apr 2011 02:34:32 +0200
Subject: [PATCH] zero-fill hash context for safety

---
 grub-core/disk/cryptodisk.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 7f3b60bf5..dc6ca486e 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -200,6 +200,9 @@ grub_cryptodisk_decrypt (const struct grub_cryptodisk *dev,
 	  {
 	    grub_uint64_t tmp;
 	    grub_uint64_t ctx[(dev->iv_hash->contextsize + 7) / 8];
+
+	    grub_memset (ctx, 0, sizeof (ctx));
+
 	    tmp = grub_cpu_to_le64 (sector << GRUB_DISK_SECTOR_BITS);
 	    dev->iv_hash->init (ctx);
 	    dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len);