summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libexec/login_chpass/login_chpass.c4
-rw-r--r--libexec/login_lchpass/login_lchpass.c4
-rw-r--r--libexec/login_passwd/login.c4
-rw-r--r--libexec/login_passwd/login_passwd.c4
-rw-r--r--libexec/login_radius/raddauth.c3
-rw-r--r--libexec/login_tis/login_tis.c16
-rw-r--r--libexec/login_token/token.c14
-rw-r--r--libexec/login_token/tokendb.c4
8 files changed, 26 insertions, 27 deletions
diff --git a/libexec/login_chpass/login_chpass.c b/libexec/login_chpass/login_chpass.c
index 903ca333a28..3abd7210182 100644
--- a/libexec/login_chpass/login_chpass.c
+++ b/libexec/login_chpass/login_chpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_chpass.c,v 1.16 2012/12/04 02:24:47 deraadt Exp $ */
+/* $OpenBSD: login_chpass.c,v 1.17 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
@@ -208,7 +208,7 @@ yp_chpass(char *username)
pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0)
strlcpy(salt, "xx", sizeof(salt));
crypt(p, salt);
- memset(p, 0, strlen(p));
+ explicit_bzero(p, strlen(p));
}
warnx("YP passwd database unchanged.");
exit(1);
diff --git a/libexec/login_lchpass/login_lchpass.c b/libexec/login_lchpass/login_lchpass.c
index 6696067d38a..0882f7038d7 100644
--- a/libexec/login_lchpass/login_lchpass.c
+++ b/libexec/login_lchpass/login_lchpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_lchpass.c,v 1.14 2012/12/04 02:24:47 deraadt Exp $ */
+/* $OpenBSD: login_lchpass.c,v 1.15 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
@@ -136,7 +136,7 @@ main(int argc, char *argv[])
exit(1);
salt = crypt(p, salt);
- memset(p, 0, strlen(p));
+ explicit_bzero(p, strlen(p));
if (!pwd || strcmp(salt, pwd->pw_passwd) != 0)
exit(1);
diff --git a/libexec/login_passwd/login.c b/libexec/login_passwd/login.c
index 6548178e001..8d208e03381 100644
--- a/libexec/login_passwd/login.c
+++ b/libexec/login_passwd/login.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login.c,v 1.11 2015/01/16 06:39:50 deraadt Exp $ */
+/* $OpenBSD: login.c,v 1.12 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -158,7 +158,7 @@ main(int argc, char **argv)
#endif
if (password != NULL)
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
if (ret != AUTH_OK)
fprintf(back, BI_REJECT "\n");
diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c
index f646d891043..d769bdc0735 100644
--- a/libexec/login_passwd/login_passwd.c
+++ b/libexec/login_passwd/login_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_passwd.c,v 1.10 2014/09/16 22:07:02 tedu Exp $ */
+/* $OpenBSD: login_passwd.c,v 1.11 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
@@ -54,7 +54,7 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
if (crypt_checkpass(password, goodhash) == 0)
passok = 1;
plen = strlen(password);
- memset(password, 0, plen);
+ explicit_bzero(password, plen);
if (!passok)
return (AUTH_FAILED);
diff --git a/libexec/login_radius/raddauth.c b/libexec/login_radius/raddauth.c
index 71089908058..5261e377f49 100644
--- a/libexec/login_radius/raddauth.c
+++ b/libexec/login_radius/raddauth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raddauth.c,v 1.27 2015/01/16 06:39:50 deraadt Exp $ */
+/* $OpenBSD: raddauth.c,v 1.28 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved.
@@ -397,6 +397,7 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
}
total_length += AUTH_VECTOR_LEN;
}
+ explicit_bzero(pass_buf, strlen(pass_buf));
/* Client id */
*ptr++ = PW_CLIENT_ID;
diff --git a/libexec/login_tis/login_tis.c b/libexec/login_tis/login_tis.c
index 3ac22aaa3f1..cbfa0a74c49 100644
--- a/libexec/login_tis/login_tis.c
+++ b/libexec/login_tis/login_tis.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_tis.c,v 1.12 2015/01/16 06:39:50 deraadt Exp $ */
+/* $OpenBSD: login_tis.c,v 1.13 2015/10/05 17:31:17 millert Exp $ */
/*
* Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -395,8 +395,8 @@ tis_getkey(struct tis_connection *tc)
}
DES_string_to_key(key, &cblock);
error = DES_set_key(&cblock, &tc->keysched);
- memset(key, 0, len);
- memset(&cblock, 0, sizeof(cblock));
+ explicit_bzero(key, len);
+ explicit_bzero(&cblock, sizeof(cblock));
free(tbuf);
return (error);
}
@@ -508,10 +508,10 @@ tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
len, &ks, &iv, DES_DECRYPT);
if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) {
syslog(LOG_ERR, "unencrypted data too large to store");
- memset(tbuf, 0, sizeof(tbuf));
+ explicit_bzero(tbuf, sizeof(tbuf));
return (-1);
}
- memset(tbuf, 0, sizeof(tbuf));
+ explicit_bzero(tbuf, sizeof(tbuf));
}
return (len);
}
@@ -657,7 +657,7 @@ tis_authorize(struct tis_connection *tc, const char *user,
syslog(LOG_ERR, "unexpected response from authsrv: %s", obuf);
resp = error;
}
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return (resp);
}
@@ -685,10 +685,10 @@ tis_verify(struct tis_connection *tc, const char *response, char *ebuf)
if (strncmp(buf, "ok", 2) == 0) {
if (buf[2] != '\0')
strlcpy(ebuf, buf + 3, TIS_BUFSIZ);
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return (0);
}
strlcpy(ebuf, buf, TIS_BUFSIZ);
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return (-1);
}
diff --git a/libexec/login_token/token.c b/libexec/login_token/token.c
index 7c6f4569c8d..0bf5352e324 100644
--- a/libexec/login_token/token.c
+++ b/libexec/login_token/token.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: token.c,v 1.18 2013/12/03 01:29:00 deraadt Exp $ */
+/* $OpenBSD: token.c,v 1.19 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -189,7 +189,7 @@ tokenverify(char *username, char *challenge, char *response)
return (-1);
h2cb(tokenrec.secret, &user_seed);
- memset(&tokenrec.secret, 0, sizeof(tokenrec.secret));
+ explicit_bzero(&tokenrec.secret, sizeof(tokenrec.secret));
if (!(tokenrec.flags & TOKEN_ENABLED))
return (-1);
@@ -201,10 +201,10 @@ tokenverify(char *username, char *challenge, char *response)
DES_fixup_key_parity(&user_seed.cb);
DES_key_sched(&user_seed.cb, &key_schedule);
- memset(user_seed.ct, 0, sizeof(user_seed.ct));
+ explicit_bzero(user_seed.ct, sizeof(user_seed.ct));
DES_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, &key_schedule,
DES_ENCRYPT);
- memset(&key_schedule, 0, sizeof(key_schedule));
+ explicit_bzero(&key_schedule, sizeof(key_schedule));
/*
* The token thinks it's descended from VAXen. Deal with i386
@@ -304,7 +304,7 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
*/
if (!(flags & TOKEN_GENSECRET)) {
- memset(&secret, 0, sizeof(secret));
+ explicit_bzero(&secret, sizeof(secret));
return (0);
}
@@ -314,10 +314,10 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
secret.cb[4], secret.cb[5], secret.cb[6], secret.cb[7]);
DES_key_sched(&secret.cb, &key_schedule);
- memset(&secret, 0, sizeof(secret));
+ explicit_bzero(&secret, sizeof(secret));
memset(&nulls, 0, sizeof(nulls));
DES_ecb_encrypt(&nulls.cb, &checksum.cb, &key_schedule, DES_ENCRYPT);
- memset(&key_schedule, 0, sizeof(key_schedule));
+ explicit_bzero(&key_schedule, sizeof(key_schedule));
HTONL(checksum.ul[0]);
snprintf(checktxt.ct, sizeof(checktxt.ct), "%8.8x", checksum.ul[0]);
printf("Hex Checksum: \"%s\"", checktxt.ct);
diff --git a/libexec/login_token/tokendb.c b/libexec/login_token/tokendb.c
index 23a82c28a19..d52539ef192 100644
--- a/libexec/login_token/tokendb.c
+++ b/libexec/login_token/tokendb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokendb.c,v 1.9 2012/12/04 02:24:47 deraadt Exp $ */
+/* $OpenBSD: tokendb.c,v 1.10 2015/10/05 17:31:17 millert Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -135,12 +135,10 @@ int
tokendb_delrec(char *username)
{
DBT key;
- DBT data;
int status = 0;
key.data = username;
key.size = strlen(username) + 1;
- memset(&data, 0, sizeof(data));
if (!tokendb_open()) {
if (flock((tokendb->fd)(tokendb), LOCK_EX)) {