From b60cbd1147c90f7667644e4c3cc66939552d81cc Mon Sep 17 00:00:00 2001
From: Markus Friedl <markus@cvs.openbsd.org>
Date: Mon, 17 Sep 2012 13:04:12 +0000
Subject: clear old keys on rekeing; ok djm

---
 usr.bin/ssh/packet.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'usr.bin/ssh')

diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index a71aadaffed..26bc57c5ee2 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.176 2012/01/25 19:40:09 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.177 2012/09/17 13:04:11 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -746,6 +746,9 @@ set_newkeys(int mode)
 		mac  = &active_state->newkeys[mode]->mac;
 		comp = &active_state->newkeys[mode]->comp;
 		mac_clear(mac);
+		memset(enc->iv,  0, enc->block_size);
+		memset(enc->key, 0, enc->key_len);
+		memset(mac->key, 0, mac->key_len);
 		xfree(enc->name);
 		xfree(enc->iv);
 		xfree(enc->key);
-- 
cgit v1.2.3