summaryrefslogtreecommitdiff
path: root/sshconnect1.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-02-04 11:20:14 +1100
committerDamien Miller <djm@mindrot.org>2014-02-04 11:20:14 +1100
commita5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree0b35ad9292b2ca8d58229435865d0ec3818e5981 /sshconnect1.c
parent1d2c4564265ee827147af246a16f3777741411ed (diff)
- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
Diffstat (limited to 'sshconnect1.c')
-rw-r--r--sshconnect1.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index 57713d24..921408ec 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -120,7 +120,7 @@ try_agent_authentication(void)
* return a wrong value.
*/
logit("Authentication agent failed to decrypt challenge.");
- memset(response, 0, sizeof(response));
+ explicit_bzero(response, sizeof(response));
}
key_free(key);
debug("Sending response to RSA challenge.");
@@ -195,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
packet_send();
packet_write_wait();
- memset(buf, 0, sizeof(buf));
- memset(response, 0, sizeof(response));
- memset(&md, 0, sizeof(md));
+ explicit_bzero(buf, sizeof(buf));
+ explicit_bzero(response, sizeof(response));
+ explicit_bzero(&md, sizeof(md));
}
/*
@@ -271,7 +271,7 @@ try_rsa_authentication(int idx)
debug2("no passphrase given, try next key");
quit = 1;
}
- memset(passphrase, 0, strlen(passphrase));
+ explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
if (private != NULL || quit)
break;
@@ -427,7 +427,7 @@ try_challenge_response_authentication(void)
}
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
ssh_put_password(response);
- memset(response, 0, strlen(response));
+ explicit_bzero(response, strlen(response));
free(response);
packet_send();
packet_write_wait();
@@ -460,7 +460,7 @@ try_password_authentication(char *prompt)
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
free(password);
packet_send();
packet_write_wait();
@@ -652,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
/* Set the encryption key. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
- /* We will no longer need the session key here. Destroy any extra copies. */
- memset(session_key, 0, sizeof(session_key));
+ /*
+ * We will no longer need the session key here.
+ * Destroy any extra copies.
+ */
+ explicit_bzero(session_key, sizeof(session_key));
/*
* Expect a success message from the server. Note that this message