- djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()
diff --git a/ChangeLog b/ChangeLog
index 3e755cb..bad531b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -57,6 +57,9 @@
[ssh-ecdsa.c]
fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
DSA_SIG_new. Reported by Batz Spear; ok markus@
+ - djm@cvs.openbsd.org 2014/02/02 03:44:31
+ [digest-libc.c digest-openssl.c]
+ convert memset of potentially-private data to explicit_bzero()
20140131
- (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
diff --git a/digest-libc.c b/digest-libc.c
index e1fcda7..1804b06 100644
--- a/digest-libc.c
+++ b/digest-libc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-libc.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */
+/* $OpenBSD: digest-libc.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
* Copyright (c) 2014 Markus Friedl. All rights reserved.
@@ -209,9 +209,9 @@
if (ctx != NULL) {
digest = ssh_digest_by_alg(ctx->alg);
if (digest) {
- memset(ctx->mdctx, 0, digest->ctx_len);
+ explicit_bzero(ctx->mdctx, digest->ctx_len);
free(ctx->mdctx);
- memset(ctx, 0, sizeof(*ctx));
+ explicit_bzero(ctx, sizeof(*ctx));
free(ctx);
}
}
diff --git a/digest-openssl.c b/digest-openssl.c
index 8d7a58f..863d37d 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
/*
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
*
@@ -140,7 +140,7 @@
{
if (ctx != NULL) {
EVP_MD_CTX_cleanup(&ctx->mdctx);
- memset(ctx, 0, sizeof(*ctx));
+ explicit_bzero(ctx, sizeof(*ctx));
free(ctx);
}
}