On Thu, Sep 10, 2015 at 02:36:41PM -0400, Michael McConville wrote:
> These seem like they were definitely meant to be explicit zeroings.
>
OK claudio@
>
> Index: pfkey.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 pfkey.c
> --- pfkey.c 10 Feb 2015 05:18:39 -0000 1.44
> +++ pfkey.c 10 Sep 2015 18:35:12 -0000
> @@ -464,14 +464,14 @@ pfkey_reply(int sd, u_int32_t *spip)
> len = hdr.sadb_msg_len * PFKEY2_CHUNK;
> if (read(sd, data, len) != len) {
> log_warn("pfkey read");
> - bzero(data, len);
> + explicit_bzero(data, len);
> free(data);
> return (-1);
> }
>
> if (hdr.sadb_msg_type == SADB_GETSPI) {
> if (spip == NULL) {
> - bzero(data, len);
> + explicit_bzero(data, len);
> free(data);
> return (0);
> }
> @@ -489,7 +489,7 @@ pfkey_reply(int sd, u_int32_t *spip)
> }
> }
> }
> - bzero(data, len);
> + explicit_bzero(data, len);
> free(data);
> return (0);
> }
>
--
:wq Claudio
