memset() -> explicit_bzero() in login_yubikey(8)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

memset() -> explicit_bzero() in login_yubikey(8)

Michael McConville-2
Does this look right?


Index: login_yubikey.c
===================================================================
RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
retrieving revision 1.10
diff -u -p -r1.10 login_yubikey.c
--- login_yubikey.c 16 Jan 2015 06:39:50 -0000 1.10
+++ login_yubikey.c 10 Sep 2015 17:05:02 -0000
@@ -152,7 +152,7 @@ main(int argc, char *argv[])
  }
 
  ret = yubikey_login(username, password);
- memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
  if (ret == AUTH_OK) {
  syslog(LOG_INFO, "user %s: authorize", username);
  fprintf(f, "%s\n", BI_AUTH);

Reply | Threaded
Open this post in threaded view
|

Re: memset() -> explicit_bzero() in login_yubikey(8)

Todd C. Miller
On Thu, 10 Sep 2015 13:07:17 -0400, Michael McConville wrote:

> Does this look right?

Yes.

 - todd