From f9df90cf9cea91a407ecfb2bcd5d03a6cb186a82 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@cvs.openbsd.org>
Date: Tue, 31 Mar 2015 11:06:50 +0000
Subject: Comments are only supported for RSA1 keys. If a user tried to add one
 and entered his passphrase, explicitly clear it before exit. This is done in
 all other error paths, too.

ok djm
---
 usr.bin/ssh/ssh-keygen.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'usr.bin')

diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 5dcbc2e7b0b..577bc5b3908 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.267 2015/03/23 06:06:38 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.268 2015/03/31 11:06:49 tobias Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1385,6 +1385,7 @@ do_change_comment(struct passwd *pw)
 	}
 	if (private->type != KEY_RSA1) {
 		fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
+		explicit_bzero(passphrase, strlen(passphrase));
 		sshkey_free(private);
 		exit(1);
 	}
-- 
cgit v1.2.3