Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 22 |
1 files changed, 10 insertions, 12 deletions
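--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.155 2020/03/16 02:17:02 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@ static char *default_files[] = {
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
 /* Default lifetime (0 == forever) */
-static int lifetime = 0;
+static long lifetime = 0;
 
 /* User has to confirm key use */
 static int confirm = 0;
@@ -105,8 +105,7 @@ static void
 clear_pass(void)
 {
 if (pass) {
-explicit_bzero(pass, strlen(pass));
-free(pass);
+freezero(pass, strlen(pass));
 pass = NULL;
 }
 }
@@ -328,7 +327,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
 filename, comment);
 if (lifetime != 0) {
 fprintf(stderr,
-"Lifetime set to %d seconds\n", lifetime);
+"Lifetime set to %ld seconds\n", lifetime);
 }
 if (confirm != 0) {
 fprintf(stderr, "The user must confirm "
@@ -384,7 +383,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
 fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
 private->cert->key_id);
 if (lifetime != 0) {
-fprintf(stderr, "Lifetime set to %d seconds\n",
+fprintf(stderr, "Lifetime set to %ld seconds\n",
 lifetime);
 }
 if (confirm != 0) {
@@ -521,8 +520,7 @@ lock_agent(int agent_fd, int lock)
 fprintf(stderr, "Passwords do not match.\n");
 passok = 0;
 }
-explicit_bzero(p2, strlen(p2));
-free(p2);
+freezero(p2, strlen(p2));
 }
 if (passok) {
 if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
@@ -533,8 +531,7 @@ lock_agent(int agent_fd, int lock)
 lock ? "" : "un", ssh_err(r));
 }
 }
-explicit_bzero(p1, strlen(p1));
-free(p1);
+freezero(p1, strlen(p1));
 return (ret);
 }
 
@@ -571,7 +568,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
 sshkey_type(keys[i]), fp);
 if (lifetime != 0) {
 fprintf(stderr,
-"Lifetime set to %d seconds\n", lifetime);
+"Lifetime set to %ld seconds\n", lifetime);
 }
 if (confirm != 0) {
 fprintf(stderr, "The user must confirm "
@@ -720,7 +717,8 @@ main(int argc, char **argv)
 pkcs11provider = optarg;
 break;
 case 't':
-if ((lifetime = convtime(optarg)) == -1) {
+if ((lifetime = convtime(optarg)) == -1 ||
+lifetime < 0 || (u_long)lifetime > UINT32_MAX) {
 fprintf(stderr, "Invalid lifetime\n");
 ret = 1;
 goto done;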
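Review bot: In the `case 't':` hunk of main(), the retained `== -1` test is fully covered by the added `lifetime < 0`, and nothing on the line says why the ceiling is `UINT32_MAX`. The condition could be written `if ((lifetime = convtime(optarg)) < 0 || (u_long)lifetime > UINT32_MAX) {`, with a comment above it such as `/* lifetime is sent to the agent as a 32-bit value; reject anything that would wrap, since 0 means "forever" */`. The code that hands `lifetime` to the agent is not in these hunks, so the 32-bit claim in that comment should be confirmed against the call site before it is committed. main() starts and ends outside the hunk.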