-rw-r--r--sbin/init/init.c7
-rw-r--r--usr.bin/encrypt/encrypt.c3
-rw-r--r--usr.bin/lock/lock.c14
-rw-r--r--usr.bin/skey/skey.c8
-rw-r--r--usr.bin/x99token/x99token.c6
-rw-r--r--usr.sbin/tokeninit/tokeninit.c4
6 files changed, 27 insertions, 15 deletions
diff --git a/sbin/init/init.c b/sbin/init/init.c
index a2dff9bfafa..1c0e4ce5e73 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.63 2017/03/02 10:38:09 natano Exp $ */
+/* $OpenBSD: init.c,v 1.64 2017/05/03 09:51:39 mestre Exp $ */
/* $NetBSD: init.c,v 1.22 1996/05/15 23:29:33 jtc Exp $ */
/*-
@@ -561,12 +561,13 @@ f_single_user(void)
write(STDERR_FILENO, banner, sizeof banner - 1);
for (;;) {
int ok = 0;
- clear = readpassphrase("Password:", pbuf, sizeof(pbuf), RPP_ECHO_OFF);
+ clear = readpassphrase("Password:", pbuf,
+ sizeof(pbuf), RPP_ECHO_OFF);
if (clear == NULL || *clear == '\0')
_exit(0);
if (crypt_checkpass(clear, pp->pw_passwd) == 0)
ok = 1;
- memset(clear, 0, strlen(clear));
+ explicit_bzero(pbuf, sizeof(pbuf));
if (ok)
break;
warning("single-user login failed\n");
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c
index 5a80fdd081f..5670929b51d 100644
--- a/usr.bin/encrypt/encrypt.c
+++ b/usr.bin/encrypt/encrypt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: encrypt.c,v 1.45 2016/09/04 15:36:13 tb Exp $ */
+/* $OpenBSD: encrypt.c,v 1.46 2017/05/03 09:51:39 mestre Exp $ */
/*
* Copyright (c) 1996, Jason Downs. All rights reserved.
@@ -134,6 +134,7 @@ main(int argc, char **argv)
err(1, "readpassphrase");
print_passwd(string, operation, extra);
(void)fputc('\n', stdout);
+ explicit_bzero(string, sizeof(string));
} else {
size_t len;
/* Encrypt stdin to stdout. */
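Review bot: The added `explicit_bzero(string, sizeof(string));` clears the whole passphrase only if `string` is an array. Its declaration is outside this hunk, and if it were a `char *` the call would clear only pointer-size bytes, so this is worth confirming at the declaration. A short comment above the call, such as `/* string[] held the cleartext passphrase */`, would make the intent obvious. The `else` branch that encrypts stdin is only partly visible here; if the buffer it reads into also carries passphrases, it presumably deserves the same wipe.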
diff --git a/usr.bin/lock/lock.c b/usr.bin/lock/lock.c
index 9aeb0c5560e..b403f55459c 100644
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lock.c,v 1.33 2016/05/28 16:11:10 tedu Exp $ */
+/* $OpenBSD: lock.c,v 1.34 2017/05/03 09:51:39 mestre Exp $ */
/* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */
/*
@@ -162,7 +162,7 @@ main(int argc, char *argv[])
warnx("\apasswords didn't match.");
exit(1);
}
- s[0] = '\0';
+ explicit_bzero(s, sizeof(s));
}
/* set signal handlers */
@@ -205,10 +205,16 @@ main(int argc, char *argv[])
p = NULL;
else
p = s;
- if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
+ if (auth_userokay(pw->pw_name, nstyle, "auth-lock",
+ p)) {
+ explicit_bzero(s, sizeof(s));
break;
- } else if (strcmp(s, s1) == 0)
+ }
+ } else if (strcmp(s, s1) == 0) {
+ explicit_bzero(s, sizeof(s));
+ explicit_bzero(s1, sizeof(s1));
break;
+ }
(void)putc('\a', stderr);
cnt %= tries;
if (++cnt > backoff) {
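Review bot: A rejected attempt still leaves the typed string in `s`, because both added `explicit_bzero(s, sizeof(s));` calls sit on the success branches just before `break`. The fall-through to `(void)putc('\a', stderr);` keeps the guess in memory until something later overwrites it, and a wrong guess is often a near miss of the real password. Recording the outcome in a flag, as the init.c hunk in this commit does with `ok`, would let a single `explicit_bzero(s, sizeof(s));` follow the comparison on every path before `if (ok) break;`. The enclosing loop starts and ends outside this hunk, so how soon `s` is refilled on the next iteration cannot be confirmed from here.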
diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c
index f72beee4d0c..9f5f6b5cb47 100644
--- a/usr.bin/skey/skey.c
+++ b/usr.bin/skey/skey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: skey.c,v 1.33 2015/12/01 00:00:19 millert Exp $ */
+/* $OpenBSD: skey.c,v 1.34 2017/05/03 09:51:39 mestre Exp $ */
/*
* OpenBSD S/Key (skey.c)
*
@@ -122,8 +122,12 @@ main(int argc, char *argv[])
exit(1);
/* Crunch seed and passphrase into starting key */
- if (keycrunch(key, seed, passwd) != 0)
+ if (keycrunch(key, seed, passwd) != 0) {
+ explicit_bzero(passwd, sizeof(passwd));
errx(1, "key crunch failed");
+ }
+
+ explicit_bzero(passwd, sizeof(passwd));
if (cnt == 1) {
while (n-- != 0)
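Review bot: `explicit_bzero(passwd, sizeof(passwd));` is written twice, once inside the new error branch and once right after it. Capturing the result in a local `int rc` keeps the wipe on a single path: `rc = keycrunch(key, seed, passwd);` then `explicit_bzero(passwd, sizeof(passwd));` then `if (rc != 0) errx(1, "key crunch failed");`. Separately, `key` now holds material derived from the passphrase and no wipe for it is visible in this hunk. main continues past the last line shown, so it may be cleared later, but that is worth checking.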
diff --git a/usr.bin/x99token/x99token.c b/usr.bin/x99token/x99token.c
index 0aaa0919bdc..4775f1b0882 100644
--- a/usr.bin/x99token/x99token.c
+++ b/usr.bin/x99token/x99token.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x99token.c,v 1.12 2015/10/15 19:30:03 bluhm Exp $ */
+/* $OpenBSD: x99token.c,v 1.13 2017/05/03 09:51:39 mestre Exp $ */
/*
* X9.9 calculator
@@ -169,8 +169,8 @@ main(int argc, char **argv)
predict(ks, buf, cnt);
- memset(&ks, 0, sizeof(ks));
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(&ks, sizeof(ks));
+ explicit_bzero(buf, sizeof(buf));
exit(0);
}
diff --git a/usr.sbin/tokeninit/tokeninit.c b/usr.sbin/tokeninit/tokeninit.c
index a40ab28bb59..88993a9818b 100644
--- a/usr.sbin/tokeninit/tokeninit.c
+++ b/usr.sbin/tokeninit/tokeninit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokeninit.c,v 1.12 2016/03/22 00:06:55 bluhm Exp $ */
+/* $OpenBSD: tokeninit.c,v 1.13 2017/05/03 09:51:39 mestre Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -149,7 +149,7 @@ main(int argc, char **argv)
tt->name);
exit(1);
}
- memset(secret, 0, sizeof(secret));
+ explicit_bzero(secret, sizeof(secret));
if (parse_secret(hexformat, seed, secret)) {
fprintf(stderr,
"%sinit: Invalid secret entered.\n",
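Review bot: This `explicit_bzero(secret, sizeof(secret));` runs before `parse_secret(hexformat, seed, secret)` fills the buffer, so it initialises an output buffer rather than erasing a secret. The old `memset` was not a dead store here, since the buffer is used immediately afterwards. The data that needs erasing is `seed`, apparently the entered input, and `secret` once it has been consumed. No wipe for either is visible in this hunk, including on the "Invalid secret entered" path. A call such as `explicit_bzero(seed, sizeof(seed));` after parsing would cover the input, assuming `seed` is an array; its declaration and the rest of main are outside the hunk.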