Module Name: src
Committed By: drochner
Date: Tue Nov 29 13:18:52 UTC 2011
Modified Files:
src/lib/libcrypt: md5crypt.c
Log Message:
zero out hash context after use, to avoid traces in RAM
(hint from "Solar Designer")
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/lib/libcrypt/md5crypt.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libcrypt/md5crypt.c
diff -u src/lib/libcrypt/md5crypt.c:1.9 src/lib/libcrypt/md5crypt.c:1.10
--- src/lib/libcrypt/md5crypt.c:1.9 Wed Jan 17 23:24:22 2007
+++ src/lib/libcrypt/md5crypt.c Tue Nov 29 13:18:52 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: md5crypt.c,v 1.9 2007/01/17 23:24:22 hubertf Exp $ */
+/* $NetBSD: md5crypt.c,v 1.10 2011/11/29 13:18:52 drochner Exp $ */
/*
* ----------------------------------------------------------------------------
@@ -15,7 +15,7 @@
#include <sys/cdefs.h>
#if !defined(lint)
-__RCSID("$NetBSD: md5crypt.c,v 1.9 2007/01/17 23:24:22 hubertf Exp $");
+__RCSID("$NetBSD: md5crypt.c,v 1.10 2011/11/29 13:18:52 drochner Exp $");
#endif /* not lint */
/*
@@ -117,6 +117,9 @@ __md5crypt(const char *pw, const char *s
FINAL(final, &ctx);
+ /* Don't leave anything around in vm they could use. */
+ memset(&ctx, 0, sizeof(ctx));
+
/*
* And now, just to make sure things don't run too fast. On a 60 MHz
* Pentium this takes 34 msec, so you would need 30 seconds to build
@@ -144,6 +147,9 @@ __md5crypt(const char *pw, const char *s
FINAL(final, &ctx1);
}
+ /* Don't leave anything around in vm they could use. */
+ memset(&ctx1, 0, sizeof(ctx1));
+
p = passwd + sl + MD5_MAGIC_LEN + 1;
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; __crypt_to64(p,l,4); p += 4;
