diff options
| author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2017-05-03 09:51:40 +0000 |
|---|---|---|
| committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2017-05-03 09:51:40 +0000 |
| commit | dce3ca59e0bfb31467829ba436634072a5c09a94 (patch) | |
| tree | 3ee52c1b525fb89cd3731d8ee40a7f42516e8a07 /usr.sbin | |
| parent | 88384d18b5e0b1be0b4ae3e5d552e8d0ac317a65 (diff) | |
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero,
instead of relying on other methods, after readpassphrase. Some programs on
this diff won't benefit that much since it happens near the terminal path, but
someone might copy the unsafe idiom to another program and place it where it
may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/tokeninit/tokeninit.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/tokeninit/tokeninit.c b/usr.sbin/tokeninit/tokeninit.c index a40ab28bb59..88993a9818b 100644 --- a/usr.sbin/tokeninit/tokeninit.c +++ b/usr.sbin/tokeninit/tokeninit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tokeninit.c,v 1.12 2016/03/22 00:06:55 bluhm Exp $ */ +/* $OpenBSD: tokeninit.c,v 1.13 2017/05/03 09:51:39 mestre Exp $ */ /*- * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved @@ -149,7 +149,7 @@ main(int argc, char **argv) tt->name); exit(1); } - memset(secret, 0, sizeof(secret)); + explicit_bzero(secret, sizeof(secret)); if (parse_secret(hexformat, seed, secret)) { fprintf(stderr, "%sinit: Invalid secret entered.\n", |