summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog3
-rw-r--r--digest-libc.c6
-rw-r--r--digest-openssl.c4
3 files changed, 8 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 3e755cb9c..bad531bf3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -57,6 +57,9 @@
57 [ssh-ecdsa.c] 57 [ssh-ecdsa.c]
58 fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike 58 fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
59 DSA_SIG_new. Reported by Batz Spear; ok markus@ 59 DSA_SIG_new. Reported by Batz Spear; ok markus@
60 - djm@cvs.openbsd.org 2014/02/02 03:44:31
61 [digest-libc.c digest-openssl.c]
62 convert memset of potentially-private data to explicit_bzero()
60 63
6120140131 6420140131
62 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) 65 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
diff --git a/digest-libc.c b/digest-libc.c
index e1fcda71a..1804b0698 100644
--- a/digest-libc.c
+++ b/digest-libc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: digest-libc.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */ 1/* $OpenBSD: digest-libc.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 * Copyright (c) 2014 Markus Friedl. All rights reserved. 4 * Copyright (c) 2014 Markus Friedl. All rights reserved.
@@ -209,9 +209,9 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
209 if (ctx != NULL) { 209 if (ctx != NULL) {
210 digest = ssh_digest_by_alg(ctx->alg); 210 digest = ssh_digest_by_alg(ctx->alg);
211 if (digest) { 211 if (digest) {
212 memset(ctx->mdctx, 0, digest->ctx_len); 212 explicit_bzero(ctx->mdctx, digest->ctx_len);
213 free(ctx->mdctx); 213 free(ctx->mdctx);
214 memset(ctx, 0, sizeof(*ctx)); 214 explicit_bzero(ctx, sizeof(*ctx));
215 free(ctx); 215 free(ctx);
216 } 216 }
217 } 217 }
diff --git a/digest-openssl.c b/digest-openssl.c
index 8d7a58f34..863d37d03 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: digest-openssl.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */ 1/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -140,7 +140,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
140{ 140{
141 if (ctx != NULL) { 141 if (ctx != NULL) {
142 EVP_MD_CTX_cleanup(&ctx->mdctx); 142 EVP_MD_CTX_cleanup(&ctx->mdctx);
143 memset(ctx, 0, sizeof(*ctx)); 143 explicit_bzero(ctx, sizeof(*ctx));
144 free(ctx); 144 free(ctx);
145 } 145 }
146} 146}