From: deraadt <deraadt@openbsd.org>
Date: Mon, 17 Apr 2017 21:49:01 +0000 (+0000)
Subject: memset() of password field should be explicit_bzero().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=72547754b766351e4b6ebcc51b842f0ddc2fd220;p=openbsd

memset() of password field should be explicit_bzero().
[Not using freezero() in yacc files yet]
---

diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index b8bce1930b4..36d9824a9ce 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ftpcmd.y,v 1.64 2016/08/26 06:32:10 tedu Exp $	*/
+/*	$OpenBSD: ftpcmd.y,v 1.65 2017/04/17 21:49:01 deraadt Exp $	*/
 /*	$NetBSD: ftpcmd.y,v 1.7 1996/04/08 19:03:11 jtc Exp $	*/
 
 /*
@@ -157,7 +157,7 @@ cmd
 	| PASS SP password CRLF
 		{
 			quit = monitor_pass($3);
-			memset($3, 0, strlen($3));
+			explicit_bzero($3, strlen($3));
 			free($3);
 
 			/* Terminate unprivileged pre-auth slave */