authorAdam Langley <agl@google.com>2015-03-30 14:49:51 -0700
committerAdam Langley <agl@google.com>2015-04-07 17:50:50 -0700
commitd059297112922cabb0c674840589be8db821fd9a (patch)
tree9c2045d28ec1c8594090f38bc32e9f523dc6c68d /auth2-passwd.c
parentf5c67b478bef9992de9e9ec91ce10af4f6205e0d (diff)
external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with BoringSSL, this change updates the code to a recent version. The current version (5.9p1) is coming up on four years old now. * Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches OpenSSH 5.9p1 exactly (save for the removal of the scard subdirectory). * Downloaded openssh-6.8p1.tar.gz (SHA256: 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e) and verified with PGP signature. (I've verified Damien's key in person previously.) * Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The ugliest change is probably the duplication of umac.c to umac128.c because Android conditionally compiles that file twice. See the comment in those files. Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
Diffstat (limited to 'auth2-passwd.c')
-rw-r--r--auth2-passwd.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 4dd3816c..09cf077c 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -41,6 +41,7 @@
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
+#include "misc.h"
#include "servconf.h"
/* import */
@@ -59,20 +60,20 @@ userauth_passwd(Authctxt *authctxt)
if (change) {
/* discard new password from packet */
newpass = packet_get_string(&newlen);
- memset(newpass, 0, newlen);
- xfree(newpass);
+ explicit_bzero(newpass, newlen);
+ free(newpass);
}
packet_check_eom();
if (change)
logit("password change not supported");
-#ifndef ANDROID
- /* no password authentication in android */
+#if !defined(ANDROID)
+ /* no password authentication in Android */
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
#endif
- memset(password, 0, len);
- xfree(password);
+ explicit_bzero(password, len);
+ free(password);
return authenticated;
}
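Review bot: The comment `/* no password authentication in Android */` sits inside the `#if !defined(ANDROID)` branch, so it reads as describing the `auth_password()` call that is compiled only when the build is not Android. Placing it above the conditional, for example `/* Android builds compile out auth_password(), so authenticated keeps its initial value */`, would state the fail-closed intent where a reader looks for it. That intent depends on `authenticated` starting at 0, and its declaration is outside this hunk, so it is worth confirming. The unbraced `if (change)` whose `else` arm exists only inside the preprocessor block is also easy to break in a later edit; bracing both arms would remove that hazard. The body of userauth_passwd begins before the hunk.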