1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
--- openssh-5.3p1.orig/sshconnect2.c 2009-03-05 14:58:22.000000000 +0100
+++ openssh-5.3p1/sshconnect2.c 2009-12-05 12:10:19.000000000 +0100
@@ -922,14 +922,14 @@ jpake_password_to_secret(Authctxt *authc
&secret, &secret_len) != 0)
fatal("%s: hash_buffer", __func__);
- bzero(password, strlen(password));
- bzero(crypted, strlen(crypted));
+ memset(password, 0, strlen(password));
+ memset(crypted, 0, strlen(crypted));
xfree(password);
xfree(crypted);
if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
fatal("%s: BN_bin2bn (secret)", __func__);
- bzero(secret, secret_len);
+ memset(secret, 0, secret_len);
xfree(secret);
return ret;
@@ -966,8 +966,8 @@ input_userauth_jpake_server_step1(int ty
/* Obtain password and derive secret */
pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
- bzero(crypt_scheme, strlen(crypt_scheme));
- bzero(salt, strlen(salt));
+ memset(crypt_scheme, 0, strlen(crypt_scheme));
+ memset(salt, 0, strlen(salt));
xfree(crypt_scheme);
xfree(salt);
JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
@@ -982,8 +982,8 @@ input_userauth_jpake_server_step1(int ty
&pctx->a,
&x2_s_proof, &x2_s_proof_len);
- bzero(x3_proof, x3_proof_len);
- bzero(x4_proof, x4_proof_len);
+ memset(x3_proof, 0, x3_proof_len);
+ memset(x4_proof, 0, x4_proof_len);
xfree(x3_proof);
xfree(x4_proof);
@@ -995,7 +995,7 @@ input_userauth_jpake_server_step1(int ty
packet_put_string(x2_s_proof, x2_s_proof_len);
packet_send();
- bzero(x2_s_proof, x2_s_proof_len);
+ memset(x2_s_proof, 0, x2_s_proof_len);
xfree(x2_s_proof);
/* Expect step 2 packet from peer */
@@ -1035,7 +1035,7 @@ input_userauth_jpake_server_step2(int ty
&pctx->k,
&pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
- bzero(x4_s_proof, x4_s_proof_len);
+ memset(x4_s_proof, 0, x4_s_proof_len);
xfree(x4_s_proof);
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
@@ -1701,8 +1701,8 @@ userauth_jpake(Authctxt *authctxt)
packet_put_string(x2_proof, x2_proof_len);
packet_send();
- bzero(x1_proof, x1_proof_len);
- bzero(x2_proof, x2_proof_len);
+ memset(x1_proof, 0, x1_proof_len);
+ memset(x2_proof, 0, x2_proof_len);
xfree(x1_proof);
xfree(x2_proof);
|