Index: login_chpass/login_chpass.c
===================================================================
RCS file: /cvs/src/libexec/login_chpass/login_chpass.c,v
retrieving revision 1.16
diff -u -p -r1.16 login_chpass.c
--- login_chpass/login_chpass.c 4 Dec 2012 02:24:47 -0000 1.16
+++ login_chpass/login_chpass.c 5 Feb 2014 15:44:26 -0000
@@ -208,7 +208,7 @@ yp_chpass(char *username)
pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0)
strlcpy(salt, "xx", sizeof(salt));
crypt(p, salt);
- memset(p, 0, strlen(p));
+ explicit_bzero(p, strlen(p));
}
warnx("YP passwd database unchanged.");
exit(1);
Index: login_lchpass/login_lchpass.c
===================================================================
RCS file: /cvs/src/libexec/login_lchpass/login_lchpass.c,v
retrieving revision 1.14
diff -u -p -r1.14 login_lchpass.c
--- login_lchpass/login_lchpass.c 4 Dec 2012 02:24:47 -0000 1.14
+++ login_lchpass/login_lchpass.c 5 Feb 2014 15:44:27 -0000
@@ -136,7 +136,7 @@ main(int argc, char *argv[])
exit(1);
salt = crypt(p, salt);
- memset(p, 0, strlen(p));
+ explicit_bzero(p, strlen(p));
if (!pwd || strcmp(salt, pwd->pw_passwd) != 0)
exit(1);
Index: login_passwd/login.c
===================================================================
RCS file: /cvs/src/libexec/login_passwd/login.c,v
retrieving revision 1.10
diff -u -p -r1.10 login.c
--- login_passwd/login.c 1 Jun 2012 01:43:19 -0000 1.10
+++ login_passwd/login.c 5 Feb 2014 15:44:27 -0000
@@ -158,7 +158,7 @@ main(int argc, char **argv)
#endif
if (password != NULL)
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
if (ret != AUTH_OK)
fprintf(back, BI_REJECT "\n");
Index: login_passwd/login_passwd.c
===================================================================
RCS file: /cvs/src/libexec/login_passwd/login_passwd.c,v
retrieving revision 1.9
diff -u -p -r1.9 login_passwd.c
--- login_passwd/login_passwd.c 9 Mar 2006 19:14:10 -0000 1.9
+++ login_passwd/login_passwd.c 5 Feb 2014 15:44:27 -0000
@@ -62,7 +62,7 @@ pwd_login(char *username, char *password
salt = crypt(password, salt);
plen = strlen(password);
- memset(password, 0, plen);
+ explicit_bzero(password, plen);
/*
* Authentication fails if the user does not exist in the password
Index: login_tis/login_tis.c
===================================================================
RCS file: /cvs/src/libexec/login_tis/login_tis.c,v
retrieving revision 1.11
diff -u -p -r1.11 login_tis.c
--- login_tis/login_tis.c 4 Dec 2012 02:24:47 -0000 1.11
+++ login_tis/login_tis.c 5 Feb 2014 15:44:27 -0000
@@ -394,8 +394,8 @@ tis_getkey(struct tis_connection *tc)
}
DES_string_to_key(key, &cblock);
error = DES_set_key(&cblock, &tc->keysched);
- memset(key, 0, len);
- memset(&cblock, 0, sizeof(cblock));
+ explicit_bzero(key, len);
+ explicit_bzero(&cblock, sizeof(cblock));
free(tbuf);
return (error);
}
@@ -507,10 +507,10 @@ tis_recv(struct tis_connection *tc, u_ch
len, &ks, &iv, DES_DECRYPT);
if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) {
syslog(LOG_ERR, "unencrypted data too large to store");
- memset(tbuf, 0, sizeof(tbuf));
+ explicit_bzero(tbuf, sizeof(tbuf));
return (-1);
}
- memset(tbuf, 0, sizeof(tbuf));
+ explicit_bzero(tbuf, sizeof(tbuf));
}
return (len);
}
@@ -656,7 +656,7 @@ tis_authorize(struct tis_connection *tc,
syslog(LOG_ERR, "unexpected response from authsrv: %s", obuf);
resp = error;
}
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return (resp);
}
@@ -684,10 +684,10 @@ tis_verify(struct tis_connection *tc, co
if (strncmp(buf, "ok", 2) == 0) {
if (buf[2] != '\0')
strlcpy(ebuf, buf + 3, TIS_BUFSIZ);
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return (0);
}
strlcpy(ebuf, buf, TIS_BUFSIZ);
- memset(buf, 0, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
return (-1);
}
Index: login_yubikey/login_yubikey.c
===================================================================
RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
retrieving revision 1.8
diff -u -p -r1.8 login_yubikey.c
--- login_yubikey/login_yubikey.c 27 Nov 2013 21:25:25 -0000 1.8
+++ login_yubikey/login_yubikey.c 5 Feb 2014 15:44:27 -0000
@@ -152,7 +152,7 @@ main(int argc, char *argv[])
}
ret = yubikey_login(username, password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
if (ret == AUTH_OK) {
syslog(LOG_INFO, "user %s: authorize", username);
fprintf(f, "%s\n", BI_AUTH);
