From 2d7a0350264487ea8cf113b797528b4a42f38485 Mon Sep 17 00:00:00 2001
From: millert <millert@openbsd.org>
Date: Tue, 22 Apr 2014 22:11:23 +0000
Subject: [PATCH] Use calloc() instead of malloc(n * s) followed by memset(). 
 Not actually used on OpenBSD but changed to avoid false positives in audits. 
 From Jean-Philippe Ouellet.

---
 usr.bin/sudo/auth/pam.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c
index f9fa26d3438..5f89b4315f4 100644
--- a/usr.bin/sudo/auth/pam.c
+++ b/usr.bin/sudo/auth/pam.c
@@ -260,9 +260,8 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
     char *pass;
     int n, flags, std_prompt;
 
-    if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
+    if ((*response = calloc(num_msg, sizeof(struct pam_response))) == NULL)
 	return(PAM_SYSTEM_ERR);
-    zero_bytes(*response, num_msg * sizeof(struct pam_response));
 
     for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
 	flags = tgetpass_flags;
-- 
2.20.1