-rw-r--r-- | sbin/iked/dh.c | 8 | ||||
-rw-r--r-- | usr.sbin/ikectl/ikeca.c | 6 | ||||
-rw-r--r-- | usr.sbin/radiusd/radiusd.c | 6 | ||||
-rw-r--r-- | usr.sbin/sasyncd/monitor.c | 33 |
4 files changed, 14 insertions, 39 deletions
diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c
index 29cba9addf0..a8308eec596 100644
--- a/sbin/iked/dh.c
+++ b/sbin/iked/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.19 2017/03/27 17:17:49 mikeb Exp $ */
+/* $OpenBSD: dh.c,v 1.20 2017/05/21 02:37:52 deraadt Exp $ */
 /*
 * Copyright (c) 2010-2014 Reyk Floeter <reyk@openbsd.org>
@@ -262,11 +262,7 @@ group_free(struct group *group)
 DH_free(group->dh);
 if (group->ec != NULL)
 EC_KEY_free(group->ec);
- if (group->curve25519 != NULL) {
- explicit_bzero(group->curve25519,
- sizeof(struct curve25519_key));
- free(group->curve25519);
- }
+ freezero(group->curve25519, sizeof(struct curve25519_key));
 group->spec = NULL;
 free(group);
 }
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index cee6623a30f..a6756825209 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.42 2017/03/29 08:19:13 sthen Exp $ */
+/* $OpenBSD: ikeca.c,v 1.43 2017/05/21 02:37:52 deraadt Exp $ */
 /*
 * Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org>
@@ -924,9 +924,7 @@ ca_revoke(struct ca *ca, char *keyname)
 pass, ca->sslpath, ca->sslpath);
 system(cmd);
- explicit_bzero(pass, len);
- free(pass);
-
+ freezero(pass, len);
 return (0);
 }
diff --git a/usr.sbin/radiusd/radiusd.c b/usr.sbin/radiusd/radiusd.c
index 98e3b23ccd8..05b11b9377c 100644
--- a/usr.sbin/radiusd/radiusd.c
+++ b/usr.sbin/radiusd/radiusd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radiusd.c,v 1.18 2016/04/16 18:32:29 krw Exp $ */
+/* $OpenBSD: radiusd.c,v 1.19 2017/05/21 02:37:52 deraadt Exp $ */
 /*
 * Copyright (c) 2013 Internet Initiative Japan Inc.
@@ -1063,9 +1063,7 @@ radiusd_module_stop(struct radiusd_module *module)
 {
 module->stopped = true;
- if (module->secret != NULL)
- explicit_bzero(module->secret, strlen(module->secret));
- free(module->secret);
+ freezero(module->secret, strlen(module->secret));
 module->secret = NULL;
 if (module->fd >= 0) {
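Review bot: In sbin/iked/dh.c, group_free, the new call spells the wiped length as `sizeof(struct curve25519_key)`; assuming the field is a `struct curve25519_key *`, `freezero(group->curve25519, sizeof(*group->curve25519));` would keep the length tied to the pointee type if the field's type ever changes. A one-line comment such as `/* freezero(NULL, n) is a no-op, so no NULL guard is needed */` would also record why the guard was dropped. The start of group_free is outside the hunk.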
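Review bot: In usr.sbin/ikectl/ikeca.c, ca_revoke, `freezero(pass, len)` wipes only the heap copy of `pass`, while the context lines show `pass` being formatted into `cmd` just before `system(cmd)`, so a second copy appears to remain in `cmd` when the function returns. If `cmd` is a local array (its declaration is outside the hunk), add `explicit_bzero(cmd, sizeof(cmd));` next to the freezero call. It is also worth confirming that `len` does not exceed the allocation size of `pass`, since freezero requires that; the function body starts outside the hunk.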
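Review bot: In usr.sbin/radiusd/radiusd.c, radiusd_module_stop, `strlen(module->secret)` is now evaluated unconditionally, so a NULL `module->secret` is dereferenced before freezero gets the chance to ignore it; the removed code only called strlen under `if (module->secret != NULL)`. The following line sets `module->secret = NULL`, so a second call to this function would hit exactly that case. Keep the guard: `if (module->secret != NULL) freezero(module->secret, strlen(module->secret));`. As in the old code, strlen covers only the bytes up to the terminator, which may be shorter than the allocation. The rest of the function is outside the hunk.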
diff --git a/usr.sbin/sasyncd/monitor.c b/usr.sbin/sasyncd/monitor.c
index 6d5b439b7fd..60b11e33360 100644
--- a/usr.sbin/sasyncd/monitor.c
+++ b/usr.sbin/sasyncd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.21 2015/10/18 02:39:04 mmcc Exp $ */
+/* $OpenBSD: monitor.c,v 1.22 2017/05/21 02:37:52 deraadt Exp $ */
 /*
 * Copyright (c) 2005 Håkan Olsson. All rights reserved.
@@ -285,18 +285,14 @@ monitor_get_pfkey_snap(u_int8_t **sadb, u_int32_t *sadbsize, u_int8_t **spd,
 }
 rbytes = m_read(m_state.s, *sadb, *sadbsize);
 if (rbytes < 1) {
- explicit_bzero(*sadb, *sadbsize);
- free(*sadb);
+ freezero(*sadb, *sadbsize);
 return -1;
 }
 }
 /* Read SPD data */
 if (m_read(m_state.s, spdsize, sizeof *spdsize) < 1) {
- if (*sadbsize) {
- explicit_bzero(*sadb, *sadbsize);
- free(*sadb);
- }
+ freezero(*sadb, *sadbsize);
 return -1;
 }
 if (*spdsize) {
@@ -304,20 +300,13 @@ monitor_get_pfkey_snap(u_int8_t **sadb, u_int32_t *sadbsize, u_int8_t **spd,
 if (!*spd) {
 log_err("monitor_get_pfkey_snap: malloc()");
 monitor_drain_input();
- if (*sadbsize) {
- explicit_bzero(*sadb, *sadbsize);
- free(*sadb);
- }
+ freezero(*sadb, *sadbsize);
 return -1;
 }
 rbytes = m_read(m_state.s, *spd, *spdsize);
 if (rbytes < 1) {
- explicit_bzero(*spd, *spdsize);
- free(*spd);
- if (*sadbsize) {
- explicit_bzero(*sadb, *sadbsize);
- free(*sadb);
- }
+ freezero(*spd, *spdsize);
+ freezero(*sadb, *sadbsize);
 return -1;
 }
 }
@@ -441,14 +430,8 @@ m_priv_pfkey_snap(int s)
 }
 cleanup:
- if (sadb_buf) {
- explicit_bzero(sadb_buf, sadb_buflen);
- free(sadb_buf);
- }
- if (spd_buf) {
- explicit_bzero(spd_buf, spd_buflen);
- free(spd_buf);
- }
+ freezero(sadb_buf, sadb_buflen);
+ freezero(spd_buf, spd_buflen);
 }
 static int |
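Review bot: In usr.sbin/sasyncd/monitor.c, monitor_get_pfkey_snap, three error paths now call `freezero(*sadb, *sadbsize)` without the old `if (*sadbsize)` guard: the SPD-size read failure in the @@ -285 hunk, and the malloc and m_read failures in the @@ -304 hunk. freezero with a zero size still frees a non-NULL pointer, so this is only safe if `*sadb` is NULL whenever nothing was allocated; that initialisation is outside the hunks, so confirm it or keep the guard. The caller-visible `*sadb` and `*spd` are also left pointing at freed memory on the -1 return, and adding `*sadb = NULL;` after each freezero would make a later caller-side free harmless.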