- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
diff --git a/auth1.c b/auth1.c
index f1ac598..0f870b3 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -129,7 +129,7 @@
/* Try authentication with the password. */
authenticated = PRIVSEP(auth_password(authctxt, password));
- memset(password, 0, dlen);
+ explicit_bzero(password, dlen);
free(password);
return (authenticated);
@@ -222,7 +222,7 @@
response = packet_get_string(&dlen);
packet_check_eom();
authenticated = verify_response(authctxt, response);
- memset(response, 'r', dlen);
+ explicit_bzero(response, dlen);
free(response);
return (authenticated);