diff options
| author |   dtucker <dtucker@openbsd.org> | 2014-07-25 21:22:03 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2014-07-25 21:22:03 +0000 |
| commit | 6560be9548e74810725211e0819ce5adf41b84fe (patch) | |
| tree | 21d2f03bfccaf296497cb300634b070efa7c83b1 /usr.bin/ssh/ssh-agent.c | |
| parent | Choosing the right encoding is a tricky business... (diff) | |
| download | wireguard-openbsd-6560be9548e74810725211e0819ce5adf41b84fe.tar.xz wireguard-openbsd-6560be9548e74810725211e0819ce5adf41b84fe.zip | |
Clear buffer used for handling messages. This prevents keys being
left in memory after they have been expired or deleted in some cases
(but note that ssh-agent is setgid so you would still need root to
access them). Pointed out by Kevin Burns, ok deraadt
Diffstat (limited to 'usr.bin/ssh/ssh-agent.c')
| -rw-r--r-- | usr.bin/ssh/ssh-agent.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 9d0a2c6ac0b..37841752bc0 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.189 2014/07/18 02:46:01 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.190 2014/07/25 21:22:03 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -953,6 +953,7 @@ after_select(fd_set *readset, fd_set *writeset) break; } buffer_append(&sockets[i].input, buf, len); + explicit_bzero(buf, sizeof(buf)); process_message(&sockets[i]); } break; |