use freezero()

diff --git a/sbin/iked/pfkey.c b/sbin/iked/pfkey.c
index 2a85b94..bcee41e 100644 (file)
--- a/sbin/iked/pfkey.c
+++ b/sbin/iked/pfkey.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkey.c,v 1.57 2017/03/27 10:29:02 reyk Exp $ */
+/*     $OpenBSD: pfkey.c,v 1.58 2017/04/18 02:29:56 deraadt Exp $      */
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -850,8 +850,7 @@ pfkey_sa_last_used(int sd, struct iked_childsa *sa, uint64_t *last_used)
        log_debug("%s: last_used %llu", __func__, *last_used);
 
 done:
-       explicit_bzero(data, n);
-       free(data);
+       freezero(data, n);
        return (ret);
 }
 
@@ -958,8 +957,7 @@ pfkey_sa_getspi(int sd, uint8_t satype, struct iked_childsa *sa,
        log_debug("%s: spi 0x%08x", __func__, *spip);
 
 done:
-       explicit_bzero(data, n);
-       free(data);
+       freezero(data, n);
        return (ret);
 }
 

diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c
index 4926ce8..6361db9 100644 (file)
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkey.c,v 1.58 2017/02/28 16:46:27 bluhm Exp $        */
+/*     $OpenBSD: pfkey.c,v 1.59 2017/04/18 02:29:56 deraadt Exp $      */
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
  * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -775,8 +775,7 @@ pfkey_reply(int sd, u_int8_t **datap, ssize_t *lenp)
                err(1, "pfkey_reply: malloc");
        if (read(sd, data, len) != len) {
                warn("PF_KEY short read");
-               explicit_bzero(data, len);
-               free(data);
+               freezero(data, len);
                return -1;
        }
        if (datap) {
@@ -784,8 +783,7 @@ pfkey_reply(int sd, u_int8_t **datap, ssize_t *lenp)
                if (lenp)
                        *lenp = len;
        } else {
-               explicit_bzero(data, len);
-               free(data);
+               freezero(data, len);
        }
        if (datap == NULL && hdr.sadb_msg_errno != 0) {
                errno = hdr.sadb_msg_errno;
@@ -1336,8 +1334,7 @@ pfkey_monitor(int opts)
                pfkey_monitor_sa(msg, opts);
                if (opts & IPSECCTL_OPT_VERBOSE)
                        pfkey_print_raw(data, len);
-               explicit_bzero(data, len);
-               free(data);
+               freezero(data, len);
        }
        close(fd);
        return 0;

diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c
index b8d200d..73a7d69 100644 (file)
--- a/usr.sbin/bgpd/pfkey.c
+++ b/usr.sbin/bgpd/pfkey.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkey.c,v 1.48 2017/03/02 19:54:22 renato Exp $ */
+/*     $OpenBSD: pfkey.c,v 1.49 2017/04/18 02:29:56 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -465,15 +465,13 @@ pfkey_reply(int sd, u_int32_t *spi)
        len = hdr.sadb_msg_len * PFKEY2_CHUNK;
        if (read(sd, data, len) != len) {
                log_warn("pfkey read");
-               explicit_bzero(data, len);
-               free(data);
+               freezero(data, len);
                return (-1);
        }
 
        if (hdr.sadb_msg_type == SADB_GETSPI) {
                if (spi == NULL) {
-                       explicit_bzero(data, len);
-                       free(data);
+                       freezero(data, len);
                        return (0);
                }
 
@@ -490,8 +488,7 @@ pfkey_reply(int sd, u_int32_t *spi)
                        }
                }
        }
-       explicit_bzero(data, len);
-       free(data);
+       freezero(data, len);
        return (0);
 }
 

diff --git a/usr.sbin/ldpd/pfkey.c b/usr.sbin/ldpd/pfkey.c
index 57b8f4a..8e56c13 100644 (file)
--- a/usr.sbin/ldpd/pfkey.c
+++ b/usr.sbin/ldpd/pfkey.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkey.c,v 1.10 2016/05/23 19:11:42 renato Exp $ */
+/*     $OpenBSD: pfkey.c,v 1.11 2017/04/18 02:29:56 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -309,15 +309,13 @@ pfkey_reply(int sd, uint32_t *spip)
        len = hdr.sadb_msg_len * PFKEY2_CHUNK;
        if (read(sd, data, len) != len) {
                log_warn("pfkey read");
-               explicit_bzero(data, len);
-               free(data);
+               freezero(data, len);
                return (-1);
        }
 
        if (hdr.sadb_msg_type == SADB_GETSPI) {
                if (spip == NULL) {
-                       explicit_bzero(data, len);
-                       free(data);
+                       freezero(data, len);
                        return (0);
                }
 
@@ -334,8 +332,7 @@ pfkey_reply(int sd, uint32_t *spip)
                        }
                }
        }
-       explicit_bzero(data, len);
-       free(data);
+       freezero(data, len);
        return (0);
 }
 

diff --git a/usr.sbin/sasyncd/pfkey.c b/usr.sbin/sasyncd/pfkey.c
index 000fe7f..7524f86 100644 (file)
--- a/usr.sbin/sasyncd/pfkey.c
+++ b/usr.sbin/sasyncd/pfkey.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkey.c,v 1.27 2016/08/27 04:21:08 guenther Exp $     */
+/*     $OpenBSD: pfkey.c,v 1.28 2017/04/18 02:29:56 deraadt Exp $      */
 
 /*
  * Copyright (c) 2005 Håkan Olsson.  All rights reserved.
@@ -497,8 +497,7 @@ pfkey_snapshot(void *v)
                                    m->sadb_msg_len * CHUNK, p->name);
                        }
                }
-               explicit_bzero(sadb, sadbsz);
-               free(sadb);
+               freezero(sadb, sadbsz);
        }
 
        /* Parse SPD data */
@@ -528,8 +527,7 @@ pfkey_snapshot(void *v)
                        }
                }
                /* Cleanup. */
-               explicit_bzero(spd, spdsz);
-               free(spd);
+               freezero(spd, spdsz);
        }
 
        net_ctl_send_endsnap(p);