memset() of password field should be explicit_bzero().
author deraadt <deraadt@openbsd.org>
Mon, 17 Apr 2017 21:49:01 +0000 (21:49 +0000)
committer deraadt <deraadt@openbsd.org>
Mon, 17 Apr 2017 21:49:01 +0000 (21:49 +0000)
[Not using freezero() in yacc files yet]

libexec/ftpd/ftpcmd.y

index b8bce19..36d9824 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ftpcmd.y,v 1.64 2016/08/26 06:32:10 tedu Exp $        */
+/*     $OpenBSD: ftpcmd.y,v 1.65 2017/04/17 21:49:01 deraadt Exp $     */
 /*     $NetBSD: ftpcmd.y,v 1.7 1996/04/08 19:03:11 jtc Exp $   */
 
 /*
@@ -157,7 +157,7 @@ cmd
        | PASS SP password CRLF
                {
                        quit = monitor_pass($3);
-                       memset($3, 0, strlen($3));
+                       explicit_bzero($3, strlen($3));
                        free($3);
 
                        /* Terminate unprivileged pre-auth slave */
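
Review bot: the length passed at `explicit_bzero($3, strlen($3));` in the PASS rule still comes from strlen(), so only the bytes up to the first NUL are cleared and anything else in the allocation behind $3 is left untouched before `free($3);`. If the allocation size is available in this grammar action, clearing that size would be more thorough, and it is the same size a later freezero() conversion would need. A one-line comment here saying that a plain memset() immediately before free() is a dead store the compiler may remove would document why explicit_bzero() is required and keep the call from being "simplified" back.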