[openssh-commits] [openssh] 03/03: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Feb 8 09:26:59 AEDT 2018


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 1749991c55bab716877b7c687cbfbf19189ac6f1
Author: jsing at openbsd.org <jsing at openbsd.org>
Date:   Wed Feb 7 05:17:56 2018 +0000

    upstream commit
    
    Convert some explicit_bzero()/free() calls to freezero().
    
    ok deraadt@ dtucker@
    
    OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
---
 ssh-rsa.c | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/ssh-rsa.c b/ssh-rsa.c
index 592822ae..89e3c8c7 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.64 2017/12/18 23:14:34 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.65 2018/02/07 05:17:56 jsing Exp $ */
 /*
  * Copyright (c) 2000, 2003 Markus Friedl <markus at openbsd.org>
  *
@@ -120,7 +120,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, const char *alg_ident)
 {
 	u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
-	size_t slen;
+	size_t slen = 0;
 	u_int dlen, len;
 	int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *b = NULL;
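Review bot: The new `= 0` on `slen` is load-bearing but nothing says so. Going by the later hunk that makes the cleanup at `out:` an unconditional `freezero(sig, slen)`, `slen` is now read on every exit path, presumably including any taken before it is assigned. A short comment such as `/* read by freezero() at out: on every path; must stay initialised */` would keep a later tidy-up from dropping the initialiser and reintroducing an indeterminate read. The same applies to `len = 0` in ssh_rsa_verify. The body of ssh_rsa_sign continues outside this hunk.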
@@ -189,10 +189,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 	ret = 0;
  out:
 	explicit_bzero(digest, sizeof(digest));
-	if (sig != NULL) {
-		explicit_bzero(sig, slen);
-		free(sig);
-	}
+	freezero(sig, slen);
 	sshbuf_free(b);
 	return ret;
 }
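Review bot: `freezero(sig, slen)` is called without the NULL guard the removed code had, so correctness now rests on `freezero(NULL, n)` being a no-op, as OpenBSD's libc documents. On platforms whose libc lacks `freezero()`, whatever replacement the portable build links must honour the same contract. It must also clear with `explicit_bzero()` rather than a plain `memset()` that the compiler may elide. No such replacement is visible in this commit, which touches only ssh-rsa.c. The same applies to `freezero(sigblob, len)` and `freezero(decrypted, rsasize)` in the later hunks; the start of ssh_rsa_sign is outside this hunk.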
@@ -204,7 +201,7 @@ ssh_rsa_verify(const struct sshkey *key,
 {
 	char *sigtype = NULL;
 	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
-	size_t len, diff, modlen, dlen;
+	size_t len = 0, diff, modlen, dlen;
 	struct sshbuf *b = NULL;
 	u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;
 
@@ -269,10 +266,7 @@ ssh_rsa_verify(const struct sshkey *key,
 	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
 	    key->rsa);
  out:
-	if (sigblob != NULL) {
-		explicit_bzero(sigblob, len);
-		free(sigblob);
-	}
+	freezero(sigblob, len);
 	free(sigtype);
 	sshbuf_free(b);
 	explicit_bzero(digest, sizeof(digest));
@@ -394,10 +388,7 @@ openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
 	}
 	ret = 0;
 done:
-	if (decrypted) {
-		explicit_bzero(decrypted, rsasize);
-		free(decrypted);
-	}
+	freezero(decrypted, rsasize);
 	return ret;
 }
 #endif /* WITH_OPENSSL */
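Review bot: Unlike `slen` and `len`, `rsasize` gets no initialiser in this commit, yet `freezero(decrypted, rsasize)` at `done:` now reads it on every exit path rather than only when `decrypted` is non-NULL. Its declaration is outside the hunk, so it may already be initialised; if it is not, add `rsasize = 0` there. It is also worth confirming that `rsasize` is the size `decrypted` was allocated with, since that is the number of bytes wiped before the free.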
