upstream: f sshpkt functions fail, then password is not cleared

author dtucker@openbsd.org <dtucker@openbsd.org>

Fri, 27 May 2022 04:29:40 +0000 (04:29 +0000)

committer Darren Tucker <dtucker@dtucker.net>

Fri, 27 May 2022 04:59:17 +0000 (14:59 +1000)
author dtucker@openbsd.org <dtucker@openbsd.org>
Fri, 27 May 2022 04:29:40 +0000 (04:29 +0000)
committer Darren Tucker <dtucker@dtucker.net>
Fri, 27 May 2022 04:59:17 +0000 (14:59 +1000)
diff --git a/auth2-passwd.c b/auth2-passwd.c

index f8a6dbc193957c99f653647a7a07f677002b833a..cc12cfbc1f1ae30aacd4accd9f16857375f8cbc2 100644 (file)
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.20 2021/12/19 22:12:07 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.21 2022/05/27 04:29:40 dtucker Exp $ */
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   *
@@ -51,16 +51,18 @@ extern ServerOptions options;
  static int
  userauth_passwd(struct ssh *ssh, const char *method)
  {
-       char *password;
+       char *password = NULL;
         int authenticated = 0, r;
         u_char change;
-       size_t len;
+       size_t len = 0;
  
         if ((r = sshpkt_get_u8(ssh, &change)) != 0 ||
             (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
             (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
-           (r = sshpkt_get_end(ssh)) != 0)
+           (r = sshpkt_get_end(ssh)) != 0) {
+               freezero(password, len);
                 fatal_fr(r, "parse packet");
+       }
  
         if (change)
                 logit("password change not supported");
author	dtucker@openbsd.org <dtucker@openbsd.org>
	Fri, 27 May 2022 04:29:40 +0000 (04:29 +0000)
committer	Darren Tucker <dtucker@dtucker.net>
	Fri, 27 May 2022 04:59:17 +0000 (14:59 +1000)