--- openssh-5.2p1.orig/sshconnect2.c	2008-11-05 06:20:47.000000000 +0100
+++ openssh-5.2p1/sshconnect2.c	2009-09-18 12:30:37.000000000 +0200
@@ -921,14 +921,14 @@ jpake_password_to_secret(Authctxt *authc
 	    &secret, &secret_len) != 0)
 		fatal("%s: hash_buffer", __func__);
 
-	bzero(password, strlen(password));
-	bzero(crypted, strlen(crypted));
+	memset(password, 0, strlen(password));
+	memset(crypted, 0, strlen(crypted));
 	xfree(password);
 	xfree(crypted);
 
 	if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
 		fatal("%s: BN_bin2bn (secret)", __func__);
-	bzero(secret, secret_len);
+	memset(secret, 0, secret_len);
 	xfree(secret);
 
 	return ret;
@@ -965,8 +965,8 @@ input_userauth_jpake_server_step1(int ty
 
 	/* Obtain password and derive secret */
 	pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
-	bzero(crypt_scheme, strlen(crypt_scheme));
-	bzero(salt, strlen(salt));
+	memset(crypt_scheme, 0, strlen(crypt_scheme));
+	memset(salt, 0, strlen(salt));
 	xfree(crypt_scheme);
 	xfree(salt);
 	JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
@@ -981,8 +981,8 @@ input_userauth_jpake_server_step1(int ty
 	    &pctx->a,
 	    &x2_s_proof, &x2_s_proof_len);
 
-	bzero(x3_proof, x3_proof_len);
-	bzero(x4_proof, x4_proof_len);
+	memset(x3_proof, 0, x3_proof_len);
+	memset(x4_proof, 0, x4_proof_len);
 	xfree(x3_proof);
 	xfree(x4_proof);
 
@@ -994,7 +994,7 @@ input_userauth_jpake_server_step1(int ty
 	packet_put_string(x2_s_proof, x2_s_proof_len);
 	packet_send();
 
-	bzero(x2_s_proof, x2_s_proof_len);
+	memset(x2_s_proof, 0, x2_s_proof_len);
 	xfree(x2_s_proof);
 
 	/* Expect step 2 packet from peer */
@@ -1034,7 +1034,7 @@ input_userauth_jpake_server_step2(int ty
 	    &pctx->k,
 	    &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
 
-	bzero(x4_s_proof, x4_s_proof_len);
+	memset(x4_s_proof, 0, x4_s_proof_len);
 	xfree(x4_s_proof);
 
 	JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
@@ -1700,8 +1700,8 @@ userauth_jpake(Authctxt *authctxt)
 	packet_put_string(x2_proof, x2_proof_len);
 	packet_send();
 
-	bzero(x1_proof, x1_proof_len);
-	bzero(x2_proof, x2_proof_len);
+	memset(x1_proof, 0, x1_proof_len);
+	memset(x2_proof, 0, x2_proof_len);
 	xfree(x1_proof);
 	xfree(x2_proof);