Delete secret or secret-derived data with explicit_bzero.

concept ok deraadt@
diff looks ok tedu@

2 files changed, 5 insertions, 5 deletions

diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index 1fbb9117031..5b118d32c46 100644
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.c,v 1.234 2014/07/10 15:54:55 eric Exp $	*/
+/*	$OpenBSD: smtpd.c,v 1.235 2014/08/25 07:50:26 doug Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -589,7 +589,7 @@ main(int argc, char *argv[])
 				err(1, "getpass");
 
 			env->sc_queue_key = strdup(password);
-			memset(password, 0, strlen(password));
+			explicit_bzero(password, strlen(password));
 			if (env->sc_queue_key == NULL)
 				err(1, "strdup");
 		}
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 270787a7039..ab2de87946c 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl.c,v 1.69 2014/07/10 20:16:48 jsg Exp $	*/
+/*	$OpenBSD: ssl.c,v 1.70 2014/08/25 07:50:26 doug Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -146,7 +146,7 @@ ssl_password_cb(char *buf, int size, int rwflag, void *u)
 {
 	size_t	len;
 	if (u == NULL) {
-		memset(buf, 0, size);
+		explicit_bzero(buf, size);
 		return (0);
 	}
 	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
@@ -171,7 +171,7 @@ ssl_password_cb(char *buf, int size, int rwflag, void *u)
 	ret = len;
 end:
 	if (len)
-		memset(pass, 0, len);
+		explicit_bzero(pass, len);
 	return ret;
 }