diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-03-20 00:32:39 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-03-20 00:34:16 +0000 |
| commit | 2ee2de47fd0f684f54218d31b4ec83930e69c18e (patch) | |
| tree | 86848a7668424b392d48791a0e41e05f9df7b62b /authfile.c | |
| parent | c9947303ad3c432b1cadfbeb1d95a7cd38662d66 (diff) | |
| parent | 9cbb60f5e4932634db04c330c88abc49cc5567bd (diff) | |
Merge 6.6p1.
* New upstream release (http://www.openssh.com/txt/release-6.6).
Diffstat (limited to 'authfile.c')
| -rw-r--r-- | authfile.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/authfile.c b/authfile.c index 7eccbb2c9..d7eaa9dec 100644 --- a/authfile.c +++ b/authfile.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, | |||
| 131 | buffer_put_int(&kdf, rounds); | 131 | buffer_put_int(&kdf, rounds); |
| 132 | } | 132 | } |
| 133 | cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); | 133 | cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); |
| 134 | memset(key, 0, keylen + ivlen); | 134 | explicit_bzero(key, keylen + ivlen); |
| 135 | free(key); | 135 | free(key); |
| 136 | 136 | ||
| 137 | buffer_init(&encoded); | 137 | buffer_init(&encoded); |
| @@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, | |||
| 143 | key_to_blob(prv, &cp, &len); /* public key */ | 143 | key_to_blob(prv, &cp, &len); /* public key */ |
| 144 | buffer_put_string(&encoded, cp, len); | 144 | buffer_put_string(&encoded, cp, len); |
| 145 | 145 | ||
| 146 | memset(cp, 0, len); | 146 | explicit_bzero(cp, len); |
| 147 | free(cp); | 147 | free(cp); |
| 148 | 148 | ||
| 149 | buffer_free(&kdf); | 149 | buffer_free(&kdf); |
| @@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, | |||
| 409 | free(salt); | 409 | free(salt); |
| 410 | free(comment); | 410 | free(comment); |
| 411 | if (key) | 411 | if (key) |
| 412 | memset(key, 0, keylen + ivlen); | 412 | explicit_bzero(key, keylen + ivlen); |
| 413 | free(key); | 413 | free(key); |
| 414 | buffer_free(&encoded); | 414 | buffer_free(&encoded); |
| 415 | buffer_free(©); | 415 | buffer_free(©); |
| @@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, | |||
| 496 | buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) | 496 | buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) |
| 497 | fatal("%s: cipher_crypt failed", __func__); | 497 | fatal("%s: cipher_crypt failed", __func__); |
| 498 | cipher_cleanup(&ciphercontext); | 498 | cipher_cleanup(&ciphercontext); |
| 499 | memset(&ciphercontext, 0, sizeof(ciphercontext)); | 499 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
| 500 | 500 | ||
| 501 | /* Destroy temporary data. */ | 501 | /* Destroy temporary data. */ |
| 502 | memset(buf, 0, sizeof(buf)); | 502 | explicit_bzero(buf, sizeof(buf)); |
| 503 | buffer_free(&buffer); | 503 | buffer_free(&buffer); |
| 504 | 504 | ||
| 505 | buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); | 505 | buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); |
| @@ -703,17 +703,17 @@ key_load_file(int fd, const char *filename, Buffer *blob) | |||
| 703 | __func__, filename == NULL ? "" : filename, | 703 | __func__, filename == NULL ? "" : filename, |
| 704 | filename == NULL ? "" : " ", strerror(errno)); | 704 | filename == NULL ? "" : " ", strerror(errno)); |
| 705 | buffer_clear(blob); | 705 | buffer_clear(blob); |
| 706 | bzero(buf, sizeof(buf)); | 706 | explicit_bzero(buf, sizeof(buf)); |
| 707 | return 0; | 707 | return 0; |
| 708 | } | 708 | } |
| 709 | buffer_append(blob, buf, len); | 709 | buffer_append(blob, buf, len); |
| 710 | if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { | 710 | if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { |
| 711 | buffer_clear(blob); | 711 | buffer_clear(blob); |
| 712 | bzero(buf, sizeof(buf)); | 712 | explicit_bzero(buf, sizeof(buf)); |
| 713 | goto toobig; | 713 | goto toobig; |
| 714 | } | 714 | } |
| 715 | } | 715 | } |
| 716 | bzero(buf, sizeof(buf)); | 716 | explicit_bzero(buf, sizeof(buf)); |
| 717 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && | 717 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && |
| 718 | st.st_size != buffer_len(blob)) { | 718 | st.st_size != buffer_len(blob)) { |
| 719 | debug("%s: key file %.200s%schanged size while reading", | 719 | debug("%s: key file %.200s%schanged size while reading", |
| @@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) | |||
| 831 | buffer_ptr(©), buffer_len(©), 0, 0) != 0) | 831 | buffer_ptr(©), buffer_len(©), 0, 0) != 0) |
| 832 | fatal("%s: cipher_crypt failed", __func__); | 832 | fatal("%s: cipher_crypt failed", __func__); |
| 833 | cipher_cleanup(&ciphercontext); | 833 | cipher_cleanup(&ciphercontext); |
| 834 | memset(&ciphercontext, 0, sizeof(ciphercontext)); | 834 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
| 835 | buffer_free(©); | 835 | buffer_free(©); |
| 836 | 836 | ||
| 837 | check1 = buffer_get_char(&decrypted); | 837 | check1 = buffer_get_char(&decrypted); |