auth: Set buffer used to store password as secure

This will make such buffer to be explicity overwritten with zeroes when
freed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

1 files changed, 3 insertions, 0 deletions

diff --git a/src/auth.c b/src/auth.c
index c89088c5..2e26d97f 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -1277,6 +1277,9 @@ int ssh_userauth_password(ssh_session session,
         goto fail;
     }
 
+    /* Set the buffer as secure to be explicitly zeroed when freed */
+    ssh_buffer_set_secure(session->out_buffer);
+
     session->auth.current_method = SSH_AUTH_METHOD_PASSWORD;
     session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT;
     session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD;