auth: Set buffer used to store password as secure

This will make such buffer to be explicity overwritten with zeroes when freed. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-11-30 13:01:23 +03:00 · 2019-03-15 15:51:05 +01:00
parent 144e551614
commit 5104c86a2b
1 changed files with 3 additions and 0 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -1277,6 +1277,9 @@ int ssh_userauth_password(ssh_session session,
        goto fail;
    }

+    /* Set the buffer as secure to be explicitly zeroed when freed */
+    ssh_buffer_set_secure(session->out_buffer);
+
    session->auth.current_method = SSH_AUTH_METHOD_PASSWORD;
    session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT;
    session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD;