From 5104c86a2bc943def4a420e2e68eca277de54940 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Fri, 15 Mar 2019 15:51:05 +0100
Subject: [PATCH] auth: Set buffer used to store password as secure

This will make such buffer to be explicity overwritten with zeroes when freed.

Signed-off-by: Anderson Toshiyuki Sasaki
Reviewed-by: Andreas Schneider
---
 src/auth.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/auth.c b/src/auth.c
index c89088c5..2e26d97f 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -1277,6 +1277,9 @@ int ssh_userauth_password(ssh_session session,
 goto fail;
 }
 
+ /* Set the buffer as secure to be explicitly zeroed when freed */
+ ssh_buffer_set_secure(session->out_buffer);
+
 session->auth.current_method = SSH_AUTH_METHOD_PASSWORD;
 session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT;
 session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD;
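Review bot: The `ssh_buffer_set_secure(session->out_buffer);` call sits after the error check that ends in `goto fail`, so the buffer is marked secure only once the request has been built successfully. If the step before it (presumably the call that packs the password into `out_buffer`, which lies outside the hunk) fails part-way or grows the buffer while writing, the password bytes already written would be released or reset without the secure flag in effect. Setting the flag before the password is written closes that window: move `ssh_buffer_set_secure(session->out_buffer);` above the packing call, with a comment such as `/* Mark the buffer secure before the password is written so every free/realloc path zeroes it */`, and confirm that the cleanup at the `fail` label honours the flag. The body of ssh_userauth_password starts and ends outside this hunk, so the position of the packing call and the behaviour of the `fail` label are inferred rather than visible here.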