artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e8c027)
Clear buffer used for handling messages. This prevents keys being
authordtucker <dtucker@openbsd.org>
Fri, 25 Jul 2014 21:22:03 +0000 (21:22 +0000)
committerdtucker <dtucker@openbsd.org>
Fri, 25 Jul 2014 21:22:03 +0000 (21:22 +0000)
left in memory after they have been expired or deleted in some cases
(but note that ssh-agent is setgid so you would still need root to
access them).  Pointed out by Kevin Burns, ok deraadt

usr.bin/ssh/ssh-agent.c patch | blob | history

diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 9d0a2c6..3784175 100644 (file)
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.189 2014/07/18 02:46:01 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.190 2014/07/25 21:22:03 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -953,6 +953,7 @@ after_select(fd_set *readset, fd_set *writeset)
                                        break;
                                }
                                buffer_append(&sockets[i].input, buf, len);
+                               explicit_bzero(buf, sizeof(buf));
                                process_message(&sockets[i]);
                        }
                        break;
OpenBSD src
by Ahmet Artu Yildirim