author | 2020-02-26 13:40:09 +0000 | |
---|---|---|
committer | 2020-02-26 13:40:09 +0000 | |
commit | c9831b39c7f05cf54db0775dea423b6be448db6e (patch) | |
tree | f50d8c53bee8b027f393d63b6867f7cdcf2c7a4b /usr.bin/ssh/sshkey.c | |
parent | Have sftp reject "-1" in the same way as ssh(1) and scp(1) do instead (diff) | |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL, the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.
ok deraadt@ djm@
Diffstat (limited to 'usr.bin/ssh/sshkey.c')
-rw-r--r-- | usr.bin/ssh/sshkey.c | 44 |
1 files changed, 15 insertions, 29 deletions
diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c
index 00dd205ea61..d2055bd27a0 100644
--- a/usr.bin/ssh/sshkey.c
+++ b/usr.bin/ssh/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -990,10 +990,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
 r = 0;
 out:
 free(ret);
- if (blob != NULL) {
- explicit_bzero(blob, blob_len);
- free(blob);
- }
+ if (blob != NULL)
+ freezero(blob, blob_len);
 return r;
 }
 
@@ -1251,12 +1249,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
 dgst_raw, dgst_raw_len, k);
 break;
 default:
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
 return NULL;
 }
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
 return retval;
 }
 
@@ -3999,18 +3995,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
 sshbuf_free(encrypted);
 cipher_free(ciphercontext);
 explicit_bzero(salt, sizeof(salt));
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
- if (pubkeyblob != NULL) {
- explicit_bzero(pubkeyblob, pubkeylen);
- free(pubkeyblob);
- }
- if (b64 != NULL) {
- explicit_bzero(b64, strlen(b64));
- free(b64);
- }
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
+ if (pubkeyblob != NULL)
+ freezero(pubkeyblob, pubkeylen);
+ if (b64 != NULL)
+ freezero(b64, strlen(b64));
 return r;
 }
 
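Review bot: The `if (blob != NULL)` test kept in front of `freezero(blob, blob_len)` at the `out:` label looks redundant to anyone who knows freezero() accepts NULL, and nothing in the code says why it stays. The commit message gives the reason (the size argument may be uninitialised when the pointer was never set), so I would record it next to the call, e.g. `/* NULL test kept: blob_len may be unset when blob is NULL */`. The same applies to the guarded calls in the sshkey_private_to_blob2 and sshkey_parse_private2 hunks. The function bodies start outside these hunks, so whether each length is in fact initialised on every path to the cleanup cannot be confirmed from here.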
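Review bot: The wipe of dgst_raw in sshkey_fingerprint is written twice, once in the `default:` arm and once after the switch, so a later edit to one cleanup site can miss the other. A single exit would avoid that: have the default arm do `retval = NULL; break;` and let the one `freezero(dgst_raw, dgst_raw_len);` after the switch run on every path. The switch and the declaration of retval start outside this hunk, so check that no other arm returns early. Unlike the other hunks there is no NULL test here, which relies on dgst_raw and dgst_raw_len always being set by this point; that is not visible from these lines.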
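Review bot: `freezero(b64, strlen(b64))` in sshkey_private_to_blob2 wipes only up to the first NUL rather than the whole allocation, so any bytes written past the terminator would survive the free; this is carried over unchanged from the explicit_bzero() call it replaces. If the allocation size of b64 is known in the part of the function outside this hunk, passing that instead would make the wipe independent of the buffer's contents. For this call the `if (b64 != NULL)` test is also needed for correctness, since strlen() on a NULL pointer is undefined, which deserves a short comment such as `/* guard required: strlen() must not see NULL */`.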
@@ -4218,14 +4208,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
 free(ciphername);
 free(kdfname);
 free(comment);
- if (salt != NULL) {
- explicit_bzero(salt, slen);
- free(salt);
- }
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
+ if (salt != NULL)
+ freezero(salt, slen);
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
 sshbuf_free(encoded);
 sshbuf_free(decoded);
 sshbuf_free(kdf); |