author | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-04-29 10:18:07 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-04-29 10:18:07 +0000 |
commit | f4a87d5b14b1a3574a87cd78374cc962a1468d58 (patch) | |
tree | bd5904f4a6da7d88ffefb7cda22a59a348100991 | |
parent | 569a05084857963f084681bcb049c98ea5191b53 (diff) |
use explicit_bzero() instead of memset() to clear out sensitive data.
ok gilles@
-rw-r--r-- | usr.sbin/smtpd/config.c | 6 | ||||
-rw-r--r-- | usr.sbin/smtpd/mta_session.c | 6 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtp_session.c | 6 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.c | 4 |
4 files changed, 11 insertions, 11 deletions
diff --git a/usr.sbin/smtpd/config.c b/usr.sbin/smtpd/config.c index 35f051da555..9eff839309a 100644 --- a/usr.sbin/smtpd/config.c +++ b/usr.sbin/smtpd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.28 2014/04/19 17:29:56 gilles Exp $ */ +/* $OpenBSD: config.c,v 1.29 2014/04/29 10:18:06 reyk Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -71,8 +71,8 @@ purge_config(uint8_t what) } if (what & PURGE_PKI) { while (dict_poproot(env->sc_pki_dict, (void **)&p)) { - memset(p->pki_cert, 0, p->pki_cert_len); - memset(p->pki_key, 0, p->pki_key_len); + explicit_bzero(p->pki_cert, p->pki_cert_len); + explicit_bzero(p->pki_key, p->pki_key_len); free(p->pki_cert); free(p->pki_key); free(p); diff --git a/usr.sbin/smtpd/mta_session.c b/usr.sbin/smtpd/mta_session.c index b80cf50c7bc..615ddfd8da8 100644 --- a/usr.sbin/smtpd/mta_session.c +++ b/usr.sbin/smtpd/mta_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mta_session.c,v 1.60 2014/04/19 13:35:51 gilles Exp $ */ +/* $OpenBSD: mta_session.c,v 1.61 2014/04/29 10:18:06 reyk Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -347,8 +347,8 @@ mta_session_imsg(struct mproc *p, struct imsg *imsg) fatal("mta: ssl_mta_init"); io_start_tls(&s->io, ssl); - memset(resp_ca_cert->cert, 0, resp_ca_cert->cert_len); - memset(resp_ca_cert->key, 0, resp_ca_cert->key_len); + explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len); + explicit_bzero(resp_ca_cert->key, resp_ca_cert->key_len); free(resp_ca_cert->cert); free(resp_ca_cert->key); free(resp_ca_cert); diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c index a9716581462..6849b0e2087 100644 --- a/usr.sbin/smtpd/smtp_session.c +++ b/usr.sbin/smtpd/smtp_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_session.c,v 1.207 2014/04/19 17:04:42 gilles Exp $ */ +/* $OpenBSD: smtp_session.c,v 1.208 2014/04/29 10:18:06 reyk Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> 
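Review bot: Nothing at the wipe in purge_config records why explicit_bzero() is used instead of memset(), so a later tidy-up could quietly switch it back. A memset() on a buffer that is freed on the next line is a dead store the compiler may remove, which is the whole reason for the call. I would add `/* key material: explicit_bzero() is not elided as a dead store before free() */` above the two calls. The same comment fits the resp_ca_cert wipes in mta_session_imsg and smtp_session_imsg and the queue key wipe in post_fork. purge_config starts and ends outside the hunk.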
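Review bot: The five-line wipe-and-free sequence for resp_ca_cert in mta_session_imsg is repeated verbatim in smtp_session_imsg, so the guarantee that the key is cleared depends on every copy staying in step. A small static helper that takes resp_ca_cert, runs the two explicit_bzero() calls and then the three free() calls would keep the wipe attached to the release. Both handlers continue outside their hunks, so I cannot see whether other exit paths release resp_ca_cert; if any do, they should go through the same helper rather than a bare free(). Note also that the `fatal("mta: ssl_mta_init")` path just above leaves the process before the wipe runs.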
@@ -601,8 +601,8 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg) io_set_read(&s->io); io_start_tls(&s->io, ssl); - memset(resp_ca_cert->cert, 0, resp_ca_cert->cert_len); - memset(resp_ca_cert->key, 0, resp_ca_cert->key_len); + explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len); + explicit_bzero(resp_ca_cert->key, resp_ca_cert->key_len); free(resp_ca_cert->cert); free(resp_ca_cert->key); free(resp_ca_cert); diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index 1a9c7f9916b..6e4c34835ef 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.221 2014/04/19 14:00:45 gilles Exp $ */ +/* $OpenBSD: smtpd.c,v 1.222 2014/04/29 10:18:06 reyk Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -721,7 +721,7 @@ void post_fork(int proc) { if (proc != PROC_QUEUE && env->sc_queue_key) - memset(env->sc_queue_key, 0, strlen(env->sc_queue_key)); + explicit_bzero(env->sc_queue_key, strlen(env->sc_queue_key)); if (proc != PROC_CONTROL) { close(control_socket); |
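Review bot: In post_fork the length passed to explicit_bzero() is `strlen(env->sc_queue_key)`, so only the bytes up to the first NUL are cleared and the pointer itself stays set. After the call every non-queue process holds a non-NULL sc_queue_key pointing at an empty string, and any later `env->sc_queue_key` test there still evaluates true; whether any code relies on that is not visible from this hunk. If the buffer was allocated larger than the string, bytes past the terminator are left as they were. I would document the intent at the call, e.g. `/* only the queue process keeps the key; elsewhere wipe it in place (pointer stays set, string becomes empty) */`. post_fork continues past the end of the hunk.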