clear stack variables, suggested by djm

1 files changed, 4 insertions, 1 deletions

diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c
index 7d388cf2ea8..4fa36bf6e25 100644
--- a/lib/libc/crypt/bcrypt.c
+++ b/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bcrypt.c,v 1.34 2014/03/23 23:25:05 tedu Exp $	*/
+/*	$OpenBSD: bcrypt.c,v 1.35 2014/03/23 23:27:52 tedu Exp $	*/
 
 /*
  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -218,6 +218,7 @@ bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen)
 	if (bcrypt_hashpass(pass, salt, hash, hashlen) != 0)
 		return -1;
 
+	explicit_bzero(salt, sizeof(salt));
 	return 0;
 }
 
@@ -231,6 +232,8 @@ bcrypt_checkpass(const char *pass, const char *goodhash)
 	if (strlen(hash) != strlen(goodhash) ||
 	    timingsafe_bcmp(hash, goodhash, strlen(goodhash)) != 0)
 		return -1;
+
+	explicit_bzero(hash, sizeof(hash));
 	return 0;
 }