On Thu, May 11, 2017 at 11:33:10AM +0100, Ricardo Mestre wrote: > Hi, > > This converts explicit_bzero+free to freezero on smtpd(8). > > OK?
Sorry i was away from town I'll have a look at freezero() tomorrow as I missed most of the discussion about its semantics and I'll ok then Thanks
> Index: ca.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v
> retrieving revision 1.26
> diff -u -p -u -r1.26 ca.c
> --- ca.c 9 Jan 2017 09:53:23 -0000 1.26
> +++ ca.c 11 May 2017 10:16:47 -0000
> @@ -142,8 +142,7 @@ ca_init(void)
>
> pki->pki_pkey = pkey;
>
> - explicit_bzero(pki->pki_key, pki->pki_key_len);
> - free(pki->pki_key);
> + freezero(pki->pki_key, pki->pki_key_len);
> pki->pki_key = NULL;
> }
> }
> Index: config.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/config.c,v
> retrieving revision 1.37
> diff -u -p -u -r1.37 config.c
> --- config.c 1 Sep 2016 10:54:25 -0000 1.37
> +++ config.c 11 May 2017 10:16:48 -0000
> @@ -70,12 +70,8 @@ purge_config(uint8_t what)
> }
> if (what & PURGE_PKI) {
> while (dict_poproot(env->sc_pki_dict, (void **)&p)) {
> - explicit_bzero(p->pki_cert, p->pki_cert_len);
> - free(p->pki_cert);
> - if (p->pki_key) {
> - explicit_bzero(p->pki_key, p->pki_key_len);
> - free(p->pki_key);
> - }
> + freezero(p->pki_cert, p->pki_cert_len);
> + freezero(p->pki_key, p->pki_key_len);
> if (p->pki_pkey)
> EVP_PKEY_free(p->pki_pkey);
> free(p);
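Review bot: In the ca.c hunk (ca_init), `pki->pki_key_len` keeps its old value after the key buffer is released and `pki->pki_key` is set to NULL, so the pointer/length pair is left inconsistent. Nothing in the visible lines reads the length afterwards, so this is defensive, but adding `pki->pki_key_len = 0;` next to the NULL assignment keeps a stale size from being reused later. The second purge_config hunk in config.c has the same pattern for `pki_cert_len` and `pki_key_len`. ca_init starts and ends outside the hunk.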
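Review bot: In the first config.c hunk (purge_config), dropping the `if (p->pki_key)` guard is correct only because freezero() is documented to do nothing for a NULL pointer, and the new code does not record that dependency. A short comment above the second call, such as `/* freezero(NULL, len) is a no-op: pki_key may be unset */`, would make it explicit; the second purge_config hunk drops the same guard. If this file is also built outside OpenBSD against a replacement freezero(), that replacement has to keep the NULL no-op, otherwise the zeroing step would write through a NULL pointer. purge_config continues outside the hunk.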
> @@ -86,14 +82,10 @@ purge_config(uint8_t what)
> iter_dict = NULL;
> while (dict_iter(env->sc_pki_dict, &iter_dict, &k,
> (void **)&p)) {
> - explicit_bzero(p->pki_cert, p->pki_cert_len);
> - free(p->pki_cert);
> + freezero(p->pki_cert, p->pki_cert_len);
> p->pki_cert = NULL;
> - if (p->pki_key) {
> - explicit_bzero(p->pki_key, p->pki_key_len);
> - free(p->pki_key);
> - p->pki_key = NULL;
> - }
> + freezero(p->pki_key, p->pki_key_len);
> + p->pki_key = NULL;
> if (p->pki_pkey)
> EVP_PKEY_free(p->pki_pkey);
> p->pki_pkey = NULL;
> Index: mta_session.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v
> retrieving revision 1.96
> diff -u -p -u -r1.96 mta_session.c
> --- mta_session.c 30 Nov 2016 17:43:32 -0000 1.96
> +++ mta_session.c 11 May 2017 10:16:50 -0000
> @@ -341,8 +341,7 @@ mta_session_imsg(struct mproc *p, struct
> fatal("mta: ssl_mta_init");
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
> Index: smtp_session.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
> retrieving revision 1.302
> diff -u -p -u -r1.302 smtp_session.c
> --- smtp_session.c 30 Nov 2016 17:43:32 -0000 1.302
> +++ smtp_session.c 11 May 2017 10:16:54 -0000
> @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc
> io_set_read(s->io);
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
-- Gilles Chehade https://www.poolp.org @poolpOrg
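Review bot: In the mta_session.c hunk (mta_session_imsg), the size passed to freezero() is `resp_ca_cert->cert_len`, and freezero() requires that size to be no larger than the allocation behind `resp_ca_cert->cert`. The hunk shows neither where the buffer is allocated nor where `cert_len` is set (presumably both come from the received imsg), so it is worth confirming they always derive from the same value and noting it, e.g. `/* cert_len is the size cert was allocated with */`. The identical change in smtp_session_imsg (smtp_session.c) needs the same check. Both functions extend beyond their hunks, so any other exit path that releases `resp_ca_cert->cert` with a plain free() is not visible here and should be converted too.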