-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | digest-libc.c | 6 | ||||
-rw-r--r-- | digest-openssl.c | 4 |
3 files changed, 8 insertions, 5 deletions
@@ -57,6 +57,9 @@ | |||
57 | [ssh-ecdsa.c] | 57 | [ssh-ecdsa.c] |
58 | fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike | 58 | fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike |
59 | DSA_SIG_new. Reported by Batz Spear; ok markus@ | 59 | DSA_SIG_new. Reported by Batz Spear; ok markus@ |
60 | - djm@cvs.openbsd.org 2014/02/02 03:44:31 | ||
61 | [digest-libc.c digest-openssl.c] | ||
62 | convert memset of potentially-private data to explicit_bzero() | ||
60 | 63 | ||
61 | 20140131 | 64 | 20140131 |
62 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) | 65 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) |
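--- a/digest-libc.c
+++ b/digest-libc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-libc.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */
+/* $OpenBSD: digest-libc.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
 * Copyright (c) 2014 Markus Friedl. All rights reserved.
@@ -209,9 +209,9 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
 if (ctx != NULL) {
 digest = ssh_digest_by_alg(ctx->alg);
 if (digest) {
-memset(ctx->mdctx, 0, digest->ctx_len);
+explicit_bzero(ctx->mdctx, digest->ctx_len);
 free(ctx->mdctx);
-memset(ctx, 0, sizeof(*ctx));
+explicit_bzero(ctx, sizeof(*ctx));
 free(ctx);
 }
 }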
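Review bot: When `ssh_digest_by_alg(ctx->alg)` returns NULL, the `if (digest)` branch is skipped and neither `ctx->mdctx` nor `ctx` is wiped or freed, so the digest state this commit means to scrub stays in heap memory and leaks. Only `digest->ctx_len` depends on the lookup, so `free(ctx->mdctx);`, `explicit_bzero(ctx, sizeof(*ctx));` and `free(ctx);` could move below the inner `if` and run unconditionally. Whether the lookup can fail for a context that was created successfully is not visible here, and the opening lines of `ssh_digest_free` are outside the hunk.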
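--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
 *
@@ -140,7 +140,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
 {
 if (ctx != NULL) {
 EVP_MD_CTX_cleanup(&ctx->mdctx);
-memset(ctx, 0, sizeof(*ctx));
+explicit_bzero(ctx, sizeof(*ctx));
 free(ctx);
 }
 }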
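Review bot: Nothing at the `explicit_bzero(ctx, sizeof(*ctx));` line records why plain `memset` was replaced, so a later cleanup could quietly put it back. A one-line comment above the call would keep the intent visible, for example `/* explicit_bzero: a memset() right before free() is a dead store the compiler may drop */`. The same comment would fit the two calls in digest-libc.c.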