Hi,

This converts explicit_bzero+free pairs to freezero in smtpd(8).

OK?

Index: ca.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v
retrieving revision 1.26
diff -u -p -u -r1.26 ca.c
--- ca.c        9 Jan 2017 09:53:23 -0000       1.26
+++ ca.c        11 May 2017 10:16:47 -0000
@@ -142,8 +142,7 @@ ca_init(void)
 
                pki->pki_pkey = pkey;
 
-               explicit_bzero(pki->pki_key, pki->pki_key_len);
-               free(pki->pki_key);
+               freezero(pki->pki_key, pki->pki_key_len);
                pki->pki_key = NULL;
        }
 }
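Review bot: After `freezero(pki->pki_key, pki->pki_key_len)` the pointer is reset to NULL but `pki_key_len` keeps its old value, so the struct pairs a NULL key with a non-zero length. freezero(3) ignores a NULL pointer, so a later purge stays safe, but any code that tests the length rather than the pointer would be misled. Adding `pki->pki_key_len = 0;` after `pki->pki_key = NULL;` keeps the two fields consistent. The same applies to `pki_cert_len` and `pki_key_len` in the second purge_config hunk in config.c. ca_init starts outside this hunk, so whether any reader relies on the length is not visible here.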
Index: config.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/config.c,v
retrieving revision 1.37
diff -u -p -u -r1.37 config.c
--- config.c    1 Sep 2016 10:54:25 -0000       1.37
+++ config.c    11 May 2017 10:16:48 -0000
@@ -70,12 +70,8 @@ purge_config(uint8_t what)
        }
        if (what & PURGE_PKI) {
                while (dict_poproot(env->sc_pki_dict, (void **)&p)) {
-                       explicit_bzero(p->pki_cert, p->pki_cert_len);
-                       free(p->pki_cert);
-                       if (p->pki_key) {
-                               explicit_bzero(p->pki_key, p->pki_key_len);
-                               free(p->pki_key);
-                       }
+                       freezero(p->pki_cert, p->pki_cert_len);
+                       freezero(p->pki_key, p->pki_key_len);
                        if (p->pki_pkey)
                                EVP_PKEY_free(p->pki_pkey);
                        free(p);
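Review bot: The new `freezero(p->pki_key, p->pki_key_len);` line drops the `if (p->pki_key)` guard, which is correct only because freezero(3) is documented to do nothing when passed NULL. That dependency deserves a comment such as `/* pki_key may be NULL; freezero(3) is a no-op then */`, so the call is not later swapped for a wrapper without that guarantee. If this file is also built against a compat freezero outside OpenBSD, that shim has to check for NULL before clearing (inferred; not visible here). The second hunk in this file relies on the same property, and purge_config continues outside both hunks.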
@@ -86,14 +82,10 @@ purge_config(uint8_t what)
                iter_dict = NULL;
                while (dict_iter(env->sc_pki_dict, &iter_dict, &k,
                    (void **)&p)) {
-                       explicit_bzero(p->pki_cert, p->pki_cert_len);
-                       free(p->pki_cert);
+                       freezero(p->pki_cert, p->pki_cert_len);
                        p->pki_cert = NULL;
-                       if (p->pki_key) {
-                               explicit_bzero(p->pki_key, p->pki_key_len);
-                               free(p->pki_key);
-                               p->pki_key = NULL;
-                       }
+                       freezero(p->pki_key, p->pki_key_len);
+                       p->pki_key = NULL;
                        if (p->pki_pkey)
                                EVP_PKEY_free(p->pki_pkey);
                        p->pki_pkey = NULL;
Index: mta_session.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v
retrieving revision 1.96
diff -u -p -u -r1.96 mta_session.c
--- mta_session.c       30 Nov 2016 17:43:32 -0000      1.96
+++ mta_session.c       11 May 2017 10:16:50 -0000
@@ -341,8 +341,7 @@ mta_session_imsg(struct mproc *p, struct
                        fatal("mta: ssl_mta_init");
                io_start_tls(s->io, ssl);
 
-               explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
-               free(resp_ca_cert->cert);
+               freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
                free(resp_ca_cert);
                return;
 
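Review bot: `freezero(resp_ca_cert->cert, resp_ca_cert->cert_len)` requires, per freezero(3), that the size not exceed the allocation that returned the pointer, and this hunk does not show where `cert_len` is set. If the length arrives in the imsg while the buffer is allocated separately, it should be checked against the allocated size where the response is unpacked; a mismatch was already unsafe with the old explicit_bzero call. A short comment at the call stating that `cert_len` is the exact allocation size would document the invariant. The identical hunk in smtp_session.c has the same dependency, and both functions begin and end outside their hunks.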
Index: smtp_session.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
retrieving revision 1.302
diff -u -p -u -r1.302 smtp_session.c
--- smtp_session.c      30 Nov 2016 17:43:32 -0000      1.302
+++ smtp_session.c      11 May 2017 10:16:54 -0000
@@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc
                io_set_read(s->io);
                io_start_tls(s->io, ssl);
 
-               explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
-               free(resp_ca_cert->cert);
+               freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
                free(resp_ca_cert);
                return;
 
