upstream: explicit_bzero here to be consistent with other kex*.c;

report from coolbugcheckers AT gmail.com OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
author: djm@openbsd.org <djm@openbsd.org> 2018-10-04 02:04:41 +0200
committer: Damien Miller <djm@mindrot.org> 2018-10-04 02:42:34 +0200
commit: 2d1428b11c8b6f616f070f2ecedce12328526944 (patch)
tree: cd162011c13b0961eaaada56756b5d072362b7df /kexgexs.c
parent: upstream: Allow ssh_config IdentityAgent directive to accept (diff)
download: openssh-2d1428b11c8b6f616f070f2ecedce12328526944.tar.xz
openssh-2d1428b11c8b6f616f070f2ecedce12328526944.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/kexgexs.c b/kexgexs.c
index ce934f88e..dc9c0bc60 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.35 2018/10/04 00:04:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -240,6 +240,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
  out:
+	explicit_bzero(hash, sizeof(hash));
 	DH_free(kex->dh);
 	kex->dh = NULL;
 	BN_clear_free(dh_client_pub);
author	djm@openbsd.org <djm@openbsd.org>	2018-10-04 02:04:41 +0200
committer	Damien Miller <djm@mindrot.org>	2018-10-04 02:42:34 +0200
commit	2d1428b11c8b6f616f070f2ecedce12328526944 (patch)
tree	cd162011c13b0961eaaada56756b5d072362b7df /kexgexs.c
parent	upstream: Allow ssh_config IdentityAgent directive to accept (diff)
download	openssh-2d1428b11c8b6f616f070f2ecedce12328526944.tar.xz openssh-2d1428b11c8b6f616f070f2ecedce12328526944.zip