Bugzilla – Attachment 2789 Details for
Bug 2541
Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch file for this bug report
auth2-hostbased.c.patch (text/plain), 724 bytes, created by
Bill Parker
on 2016-02-15 07:47:46 AEDT
(
hide
)
Description:
Patch file for this bug report
Filename:
MIME Type:
Creator:
Bill Parker
Created:
2016-02-15 07:47:46 AEDT
Size:
724 bytes
patch
obsolete
>--- auth2-hostbased.c.orig 2016-02-13 19:00:19.828756146 -0800 >+++ auth2-hostbased.c 2016-02-13 19:04:31.173700796 -0800 >@@ -147,10 +147,15 @@ > debug2("userauth_hostbased: authenticated %d", authenticated); > if (key != NULL) > key_free(key); >+ explicit_bzero(pkalg, sizeof(*pkalg)); > free(pkalg); >+ explicit_bzero(pkblob, sizeof(*pkblob)); > free(pkblob); >+ explicit_bzero(cuser, sizeof(*cuser)); > free(cuser); >+ explicit_bzero(chost, sizeof(*chost)); > free(chost); >+ explicit_bzero(sig, sizeof(*sig)); > free(sig); > return authenticated; > } >@@ -237,6 +242,7 @@ > verbose("Accepted %s public key %s from %s@%s", > key_type(key), fp, cuser, lookup); > } >+ explicit_bzero(fp, sizeof(*fp)); > free(fp); > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2789">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
wp02855
:
ok?
Actions:
View
|
Diff
Attachments on
bug 2541
:
2787
|
2788
| 2789