tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: f sshpkt functions fail, then password is not cleared 

with freezero. Unconditionally call freezero to guarantee that password is
removed from RAM.

From tobias@ and c3h2_ctf via github PR#286, ok djm@

OpenBSD-Commit-ID: 6b093619c9515328e25b0f8093779c52402c89cd
This commit is contained in:
dtucker@openbsd.org 2022-05-27 04:29:40 +00:00 committed by Darren Tucker
parent 5d3a77f4c5
commit 2c334fd36f
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
auth2-passwd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-passwd.c,v 1.20 2021/12/19 22:12:07 djm Exp $ */
/* $OpenBSD: auth2-passwd.c,v 1.21 2022/05/27 04:29:40 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -51,16 +51,18 @@ extern ServerOptions options;
static int
userauth_passwd(struct ssh *ssh, const char *method)
{
char *password;
char *password = NULL;
int authenticated = 0, r;
u_char change;
size_t len;
size_t len = 0;
if ((r = sshpkt_get_u8(ssh, &change)) != 0 ||
(r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
(change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
(r = sshpkt_get_end(ssh)) != 0)
(r = sshpkt_get_end(ssh)) != 0) {
freezero(password, len);
fatal_fr(r, "parse packet");
}
if (change)
logit("password change not supported");