diff options
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/encrypt/encrypt.c | 3 | ||||
| -rw-r--r-- | usr.bin/lock/lock.c | 14 | ||||
| -rw-r--r-- | usr.bin/skey/skey.c | 8 | ||||
| -rw-r--r-- | usr.bin/x99token/x99token.c | 6 |
4 files changed, 21 insertions, 10 deletions
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 5a80fdd081f..5670929b51d 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.45 2016/09/04 15:36:13 tb Exp $ */ +/* $OpenBSD: encrypt.c,v 1.46 2017/05/03 09:51:39 mestre Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. @@ -134,6 +134,7 @@ main(int argc, char **argv) err(1, "readpassphrase"); print_passwd(string, operation, extra); (void)fputc('\n', stdout); + explicit_bzero(string, sizeof(string)); } else { size_t len; /* Encrypt stdin to stdout. */ diff --git a/usr.bin/lock/lock.c b/usr.bin/lock/lock.c index 9aeb0c5560e..b403f55459c 100644 --- a/usr.bin/lock/lock.c +++ b/usr.bin/lock/lock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lock.c,v 1.33 2016/05/28 16:11:10 tedu Exp $ */ +/* $OpenBSD: lock.c,v 1.34 2017/05/03 09:51:39 mestre Exp $ */ /* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */ /* @@ -162,7 +162,7 @@ main(int argc, char *argv[]) warnx("\apasswords didn't match."); exit(1); } - s[0] = '\0'; + explicit_bzero(s, sizeof(s)); } /* set signal handlers */ @@ -205,10 +205,16 @@ main(int argc, char *argv[]) p = NULL; else p = s; - if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p)) + if (auth_userokay(pw->pw_name, nstyle, "auth-lock", + p)) { + explicit_bzero(s, sizeof(s)); break; - } else if (strcmp(s, s1) == 0) + } + } else if (strcmp(s, s1) == 0) { + explicit_bzero(s, sizeof(s)); + explicit_bzero(s1, sizeof(s1)); break; + } (void)putc('\a', stderr); cnt %= tries; if (++cnt > backoff) { diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c index f72beee4d0c..9f5f6b5cb47 100644 --- a/usr.bin/skey/skey.c +++ b/usr.bin/skey/skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skey.c,v 1.33 2015/12/01 00:00:19 millert Exp $ */ +/* $OpenBSD: skey.c,v 1.34 2017/05/03 09:51:39 mestre Exp $ */ /* * OpenBSD S/Key (skey.c) * @@ -122,8 +122,12 @@ main(int argc, char *argv[]) exit(1); /* Crunch seed and passphrase into starting key */ - if (keycrunch(key, seed, passwd) != 0) + if (keycrunch(key, seed, passwd) != 0) { + explicit_bzero(passwd, sizeof(passwd)); errx(1, "key crunch failed"); + } + + explicit_bzero(passwd, sizeof(passwd)); if (cnt == 1) { while (n-- != 0) diff --git a/usr.bin/x99token/x99token.c b/usr.bin/x99token/x99token.c index 0aaa0919bdc..4775f1b0882 100644 --- a/usr.bin/x99token/x99token.c +++ b/usr.bin/x99token/x99token.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x99token.c,v 1.12 2015/10/15 19:30:03 bluhm Exp $ */ +/* $OpenBSD: x99token.c,v 1.13 2017/05/03 09:51:39 mestre Exp $ */ /* * X9.9 calculator @@ -169,8 +169,8 @@ main(int argc, char **argv) predict(ks, buf, cnt); - memset(&ks, 0, sizeof(ks)); - memset(buf, 0, sizeof(buf)); + explicit_bzero(&ks, sizeof(ks)); + explicit_bzero(buf, sizeof(buf)); exit(0); } |