From 19b6d7c65f2ce5bf7709f16c9eea79f2fee920e1 Mon Sep 17 00:00:00 2001 From: dtucker Date: Fri, 27 May 2022 04:29:40 +0000 Subject: [PATCH] f sshpkt functions fail, then password is not cleared with freezero. Unconditionally call freezero to guarantee that password is removed from RAM. From tobias@ and c3h2_ctf via github PR#286, ok djm@ --- usr.bin/ssh/auth2-passwd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr.bin/ssh/auth2-passwd.c b/usr.bin/ssh/auth2-passwd.c index 9c62de149d1..b9feb71689a 100644 --- a/usr.bin/ssh/auth2-passwd.c +++ b/usr.bin/ssh/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.20 2021/12/19 22:12:07 djm Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.21 2022/05/27 04:29:40 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -49,16 +49,18 @@ extern ServerOptions options; static int userauth_passwd(struct ssh *ssh, const char *method) { - char *password; + char *password = NULL; int authenticated = 0, r; u_char change; - size_t len; + size_t len = 0; if ((r = sshpkt_get_u8(ssh, &change)) != 0 || (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 || (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) || - (r = sshpkt_get_end(ssh)) != 0) + (r = sshpkt_get_end(ssh)) != 0) { + freezero(password, len); fatal_fr(r, "parse packet"); + } if (change) logit("password change not supported"); -- 2.20.1