CVSROOT: /cvs Module name: src Changes by: mes...@cvs.openbsd.org 2017/05/03 03:51:39
Modified files: sbin/init : init.c usr.bin/encrypt: encrypt.c usr.bin/lock : lock.c usr.bin/skey : skey.c usr.bin/x99token: x99token.c usr.sbin/tokeninit: tokeninit.c Log message: Use the safe idiom of cleaning sensitive data from memory with explicit_bzero, instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data. Discussed aeons ago with tb@, OK deraadt@ and beck@