From 6560be9548e74810725211e0819ce5adf41b84fe Mon Sep 17 00:00:00 2001 From: dtucker Date: Fri, 25 Jul 2014 21:22:03 +0000 Subject: [PATCH] Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt --- usr.bin/ssh/ssh-agent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 9d0a2c6ac0b..37841752bc0 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.189 2014/07/18 02:46:01 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.190 2014/07/25 21:22:03 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -953,6 +953,7 @@ after_select(fd_set *readset, fd_set *writeset) break; } buffer_append(&sockets[i].input, buf, len); + explicit_bzero(buf, sizeof(buf)); process_message(&sockets[i]); } break; -- 2.20.1
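Review bot: The explicit_bzero(buf, sizeof(buf)) added after buffer_append() in after_select() scrubs only the local read buffer, while the same bytes have just been copied into sockets[i].input, and nothing in this hunk shows that copy being cleared once process_message() has consumed it. If the goal is that expired or deleted keys do not linger in memory, please confirm that the consumed part of sockets[i].input is zeroed as well, or say in the commit message that it is handled elsewhere. Two smaller points on the same line: sizeof(buf) is only right if buf is declared as an array in this function (the declaration is outside the visible context, and on a pointer it would clear just pointer-size bytes), and a one-line comment such as "may contain private key material" would keep the call from being dropped later as redundant.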