use SO_ZEROIZE for privsep communication (if available)

diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index aa2a77d..ef5e9fc 100644 (file)
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.170 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.171 2017/05/31 10:04:29 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1315,9 +1315,18 @@ static void
 monitor_openfds(struct monitor *mon, int do_logfds)
 {
        int pair[2];
+#ifdef SO_ZEROIZE
+       int on = 1;
+#endif
 
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
                fatal("%s: socketpair: %s", __func__, strerror(errno));
+#ifdef SO_ZEROIZE
+       if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+               error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
+       if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+               error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
+#endif
        FD_CLOSEONEXEC(pair[0]);
        FD_CLOSEONEXEC(pair[1]);
        mon->m_recvfd = pair[0];