- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
diff --git a/ssh-add.c b/ssh-add.c
index 63ce720..3421452 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.108 2013/12/19 00:10:30 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@
clear_pass(void)
{
if (pass) {
- memset(pass, 0, strlen(pass));
+ explicit_bzero(pass, strlen(pass));
free(pass);
pass = NULL;
}
@@ -366,7 +366,7 @@
fprintf(stderr, "Passwords do not match.\n");
passok = 0;
}
- memset(p2, 0, strlen(p2));
+ explicit_bzero(p2, strlen(p2));
free(p2);
}
if (passok && ssh_lock_agent(ac, lock, p1)) {
@@ -374,7 +374,7 @@
ret = 0;
} else
fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
- memset(p1, 0, strlen(p1));
+ explicit_bzero(p1, strlen(p1));
free(p1);
return (ret);
}