commit 9a728cc918fad67c8a9a71201088b1e150340ba4
author djm@openbsd.org <djm@openbsd.org> Tue Jan 12 23:42:54 2016 +0000
committer Damien Miller <djm@mindrot.org> Wed Jan 13 10:48:11 2016 +1100
tree dca3a776b4cc5a45abbca64eb797d4ec51b7779b
parent 4626cbaf78767fc8e9c86dd04785386c59ae0839

upstream commit

use explicit_bzero() more liberally in the buffer code; ok
 deraadt

Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf

sshbuf-getput-crypto.c

diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index e2e093c..d0d791b 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $	*/
+/*	$OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -158,10 +158,10 @@
 	if (len > 0 && (d[1] & 0x80) != 0)
 		prepend = 1;
 	if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
-		bzero(d, sizeof(d));
+		explicit_bzero(d, sizeof(d));
 		return r;
 	}
-	bzero(d, sizeof(d));
+	explicit_bzero(d, sizeof(d));
 	return 0;
 }
 
@@ -177,13 +177,13 @@
 	if (BN_bn2bin(v, d) != (int)len_bytes)
 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
 	if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
-		bzero(d, sizeof(d));
+		explicit_bzero(d, sizeof(d));
 		return r;
 	}
 	POKE_U16(dp, len_bits);
 	if (len_bytes != 0)
 		memcpy(dp + 2, d, len_bytes);
-	bzero(d, sizeof(d));
+	explicit_bzero(d, sizeof(d));
 	return 0;
 }
 
@@ -210,7 +210,7 @@
 	}
 	BN_CTX_free(bn_ctx);
 	ret = sshbuf_put_string(buf, d, len);
-	bzero(d, len);
+	explicit_bzero(d, len);
 	return ret;
 }