Use explicit_bzero() instead of memset() for zeroing out secrets.

OK deraadt@

2 files changed, 4 insertions, 4 deletions

diff --git a/libexec/login_passwd/login.c b/libexec/login_passwd/login.c
index 6548178e001..8d208e03381 100644
--- a/libexec/login_passwd/login.c
+++ b/libexec/login_passwd/login.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login.c,v 1.11 2015/01/16 06:39:50 deraadt Exp $	*/
+/*	$OpenBSD: login.c,v 1.12 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -158,7 +158,7 @@ main(int argc, char **argv)
 #endif
 
 	if (password != NULL)
-		memset(password, 0, strlen(password));
+		explicit_bzero(password, strlen(password));
 	if (ret != AUTH_OK)
 		fprintf(back, BI_REJECT "\n");
 
diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c
index f646d891043..d769bdc0735 100644
--- a/libexec/login_passwd/login_passwd.c
+++ b/libexec/login_passwd/login_passwd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_passwd.c,v 1.10 2014/09/16 22:07:02 tedu Exp $	*/
+/*	$OpenBSD: login_passwd.c,v 1.11 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
@@ -54,7 +54,7 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
 	if (crypt_checkpass(password, goodhash) == 0)
 		passok = 1;
 	plen = strlen(password);
-	memset(password, 0, plen);
+	explicit_bzero(password, plen);
 
 	if (!passok)
 		return (AUTH_FAILED);