Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 23 |
1 files changed, 13 insertions, 10 deletions
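diff --git a/sshconnect1.c b/sshconnect1.c
index 57713d24d..921408ec1 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -120,7 +120,7 @@ try_agent_authentication(void)
 * return a wrong value.
 */
 logit("Authentication agent failed to decrypt challenge.");
-memset(response, 0, sizeof(response));
+explicit_bzero(response, sizeof(response));
 }
 key_free(key);
 debug("Sending response to RSA challenge.");
@@ -195,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
 packet_send();
 packet_write_wait();
 
-memset(buf, 0, sizeof(buf));
-memset(response, 0, sizeof(response));
-memset(&md, 0, sizeof(md));
+explicit_bzero(buf, sizeof(buf));
+explicit_bzero(response, sizeof(response));
+explicit_bzero(&md, sizeof(md));
 }
 
 /*
@@ -271,7 +271,7 @@ try_rsa_authentication(int idx)
 debug2("no passphrase given, try next key");
 quit = 1;
 }
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 free(passphrase);
 if (private != NULL || quit)
 break;
@@ -427,7 +427,7 @@ try_challenge_response_authentication(void)
 }
 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
 ssh_put_password(response);
-memset(response, 0, strlen(response));
+explicit_bzero(response, strlen(response));
 free(response);
 packet_send();
 packet_write_wait();
@@ -460,7 +460,7 @@ try_password_authentication(char *prompt)
 password = read_passphrase(prompt, 0);
 packet_start(SSH_CMSG_AUTH_PASSWORD);
 ssh_put_password(password);
-memset(password, 0, strlen(password));
+explicit_bzero(password, strlen(password));
 free(password);
 packet_send();
 packet_write_wait();
@@ -652,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 /* Set the encryption key. */
 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
 
-/* We will no longer need the session key here. Destroy any extra copies. */
-memset(session_key, 0, sizeof(session_key));
+/*
+* We will no longer need the session key here.
+* Destroy any extra copies.
+*/
+explicit_bzero(session_key, sizeof(session_key));
 
 /*
 * Expect a success message from the server. Note that this message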
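Review bot: The string wipes in try_rsa_authentication, try_challenge_response_authentication and try_password_authentication still take their length from `strlen()`, so only the bytes before the first NUL are cleared; whether the buffer returned by read_passphrase() can hold more than that is not visible in these hunks. In the two password paths the wipe also runs after `ssh_put_password()` and before `packet_send()`, so the copy presumably queued in the outgoing packet is not covered by it. A short comment at those call sites would record both limits, for example `/* clears the string bytes only; the copy handed to ssh_put_password() is not wiped here */`. All three functions begin and end outside the hunks shown.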