Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 8057eb1fe..a40198ab5 100644
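--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.155 2020/03/16 02:17:02 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@ static char *default_files[] = {
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
 /* Default lifetime (0 == forever) */
-static int lifetime = 0;
+static long lifetime = 0;
 
 /* User has to confirm key use */
 static int confirm = 0;
@@ -105,8 +105,7 @@ static void
 clear_pass(void)
 {
  if (pass) {
- explicit_bzero(pass, strlen(pass));
- free(pass);
+ freezero(pass, strlen(pass));
  pass = NULL;
  }
 }
@@ -328,7 +327,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
  filename, comment);
  if (lifetime != 0) {
  fprintf(stderr,
- "Lifetime set to %d seconds\n", lifetime);
+ "Lifetime set to %ld seconds\n", lifetime);
  }
  if (confirm != 0) {
  fprintf(stderr, "The user must confirm "
@@ -384,7 +383,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
  fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
  private->cert->key_id);
  if (lifetime != 0) {
- fprintf(stderr, "Lifetime set to %d seconds\n",
+ fprintf(stderr, "Lifetime set to %ld seconds\n",
  lifetime);
  }
  if (confirm != 0) {
@@ -521,8 +520,7 @@ lock_agent(int agent_fd, int lock)
  fprintf(stderr, "Passwords do not match.\n");
  passok = 0;
  }
- explicit_bzero(p2, strlen(p2));
- free(p2);
+ freezero(p2, strlen(p2));
  }
  if (passok) {
  if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
@@ -533,8 +531,7 @@ lock_agent(int agent_fd, int lock)
  lock ? "" : "un", ssh_err(r));
  }
  }
- explicit_bzero(p1, strlen(p1));
- free(p1);
+ freezero(p1, strlen(p1));
  return (ret);
 }
 
@@ -571,7 +568,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
  sshkey_type(keys[i]), fp);
  if (lifetime != 0) {
  fprintf(stderr,
- "Lifetime set to %d seconds\n", lifetime);
+ "Lifetime set to %ld seconds\n", lifetime);
  }
  if (confirm != 0) {
  fprintf(stderr, "The user must confirm "
@@ -720,7 +717,8 @@ main(int argc, char **argv)
  pkcs11provider = optarg;
  break;
  case 't':
- if ((lifetime = convtime(optarg)) == -1) {
+ if ((lifetime = convtime(optarg)) == -1 ||
+ lifetime < 0 || (u_long)lifetime > UINT32_MAX) {
  fprintf(stderr, "Invalid lifetime\n");
  ret = 1;
  goto done;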
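Review bot: In the `case 't':` check in main(), the `== -1` test is already covered by `lifetime < 0`, and the upper bound `(u_long)lifetime > UINT32_MAX` can only fire where `long` is wider than 32 bits; on an ILP32 build it is always false, so rejecting an oversized `-t` value there rests entirely on convtime(), whose overflow handling is not visible in this diff. I would simplify the condition to `if ((lifetime = convtime(optarg)) < 0 || (u_long)lifetime > UINT32_MAX) {` and put a short comment above it saying why the limit is 32 bits (presumably the width of the lifetime value handed to the agent; confirm against the caller). The declaration comment could also name the unit, e.g. `/* Default lifetime in seconds (0 == forever) */`, since `-t 0` passes this check and, going by that comment and the `lifetime != 0` tests, appears to add the key with no expiry. main()'s body starts and ends outside the hunk.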