These seem like they were definitely meant to be explicit zeroings.
Index: pfkey.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
retrieving revision 1.44
diff -u -p -r1.44 pfkey.c
--- pfkey.c 10 Feb 2015 05:18:39 -0000 1.44
+++ pfkey.c 10 Sep 2015 18:35:12 -0000
@@ -464,14 +464,14 @@ pfkey_reply(int sd, u_int32_t *spip)
len = hdr.sadb_msg_len * PFKEY2_CHUNK;
if (read(sd, data, len) != len) {
log_warn("pfkey read");
- bzero(data, len);
+ explicit_bzero(data, len);
free(data);
return (-1);
}
if (hdr.sadb_msg_type == SADB_GETSPI) {
if (spip == NULL) {
- bzero(data, len);
+ explicit_bzero(data, len);
free(data);
return (0);
}
@@ -489,7 +489,7 @@ pfkey_reply(int sd, u_int32_t *spip)
}
}
}
- bzero(data, len);
+ explicit_bzero(data, len);
free(data);
return (0);
}
