Index: login_chpass/login_chpass.c =================================================================== RCS file: /cvs/src/libexec/login_chpass/login_chpass.c,v retrieving revision 1.16 diff -u -p -r1.16 login_chpass.c --- login_chpass/login_chpass.c 4 Dec 2012 02:24:47 -0000 1.16 +++ login_chpass/login_chpass.c 5 Feb 2014 15:44:26 -0000 @@ -208,7 +208,7 @@ yp_chpass(char *username) pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0) strlcpy(salt, "xx", sizeof(salt)); crypt(p, salt); - memset(p, 0, strlen(p)); + explicit_bzero(p, strlen(p)); } warnx("YP passwd database unchanged."); exit(1); Index: login_lchpass/login_lchpass.c =================================================================== RCS file: /cvs/src/libexec/login_lchpass/login_lchpass.c,v retrieving revision 1.14 diff -u -p -r1.14 login_lchpass.c --- login_lchpass/login_lchpass.c 4 Dec 2012 02:24:47 -0000 1.14 +++ login_lchpass/login_lchpass.c 5 Feb 2014 15:44:27 -0000 @@ -136,7 +136,7 @@ main(int argc, char *argv[]) exit(1); salt = crypt(p, salt); - memset(p, 0, strlen(p)); + explicit_bzero(p, strlen(p)); if (!pwd || strcmp(salt, pwd->pw_passwd) != 0) exit(1); Index: login_passwd/login.c =================================================================== RCS file: /cvs/src/libexec/login_passwd/login.c,v retrieving revision 1.10 diff -u -p -r1.10 login.c --- login_passwd/login.c 1 Jun 2012 01:43:19 -0000 1.10 +++ login_passwd/login.c 5 Feb 2014 15:44:27 -0000 @@ -158,7 +158,7 @@ main(int argc, char **argv) #endif if (password != NULL) - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); if (ret != AUTH_OK) fprintf(back, BI_REJECT "\n"); Index: login_passwd/login_passwd.c =================================================================== RCS file: /cvs/src/libexec/login_passwd/login_passwd.c,v retrieving revision 1.9 diff -u -p -r1.9 login_passwd.c --- login_passwd/login_passwd.c 9 Mar 2006 19:14:10 -0000 1.9 +++ login_passwd/login_passwd.c 5 Feb 2014 15:44:27 -0000 @@ -62,7 +62,7 @@ pwd_login(char *username, char *password salt = crypt(password, salt); plen = strlen(password); - memset(password, 0, plen); + explicit_bzero(password, plen); /* * Authentication fails if the user does not exist in the password Index: login_tis/login_tis.c =================================================================== RCS file: /cvs/src/libexec/login_tis/login_tis.c,v retrieving revision 1.11 diff -u -p -r1.11 login_tis.c --- login_tis/login_tis.c 4 Dec 2012 02:24:47 -0000 1.11 +++ login_tis/login_tis.c 5 Feb 2014 15:44:27 -0000 @@ -394,8 +394,8 @@ tis_getkey(struct tis_connection *tc) } DES_string_to_key(key, &cblock); error = DES_set_key(&cblock, &tc->keysched); - memset(key, 0, len); - memset(&cblock, 0, sizeof(cblock)); + explicit_bzero(key, len); + explicit_bzero(&cblock, sizeof(cblock)); free(tbuf); return (error); } @@ -507,10 +507,10 @@ tis_recv(struct tis_connection *tc, u_ch len, &ks, &iv, DES_DECRYPT); if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) { syslog(LOG_ERR, "unencrypted data too large to store"); - memset(tbuf, 0, sizeof(tbuf)); + explicit_bzero(tbuf, sizeof(tbuf)); return (-1); } - memset(tbuf, 0, sizeof(tbuf)); + explicit_bzero(tbuf, sizeof(tbuf)); } return (len); } @@ -656,7 +656,7 @@ tis_authorize(struct tis_connection *tc, syslog(LOG_ERR, "unexpected response from authsrv: %s", obuf); resp = error; } - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return (resp); } @@ -684,10 +684,10 @@ tis_verify(struct tis_connection *tc, co if (strncmp(buf, "ok", 2) == 0) { if (buf[2] != '\0') strlcpy(ebuf, buf + 3, TIS_BUFSIZ); - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return (0); } strlcpy(ebuf, buf, TIS_BUFSIZ); - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return (-1); } Index: login_yubikey/login_yubikey.c =================================================================== RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v retrieving revision 1.8 diff -u -p -r1.8 login_yubikey.c --- login_yubikey/login_yubikey.c 27 Nov 2013 21:25:25 -0000 1.8 +++ login_yubikey/login_yubikey.c 5 Feb 2014 15:44:27 -0000 @@ -152,7 +152,7 @@ main(int argc, char *argv[]) } ret = yubikey_login(username, password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); if (ret == AUTH_OK) { syslog(LOG_INFO, "user %s: authorize", username); fprintf(f, "%s\n", BI_AUTH);