diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-03-15 15:51:05 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-03-25 18:47:55 +0100 |
commit | 5104c86a2bc943def4a420e2e68eca277de54940 (patch) | |
tree | 8a19098fb58d4d2fd92504b53747e076f60d7f5c | |
parent | 144e5516149aa2dabfbe17e892eb7048388beca6 (diff) | |
download | libssh-5104c86a2bc943def4a420e2e68eca277de54940.tar.gz libssh-5104c86a2bc943def4a420e2e68eca277de54940.tar.xz libssh-5104c86a2bc943def4a420e2e68eca277de54940.zip |
auth: Set buffer used to store password as secure
This will make such buffer to be explicity overwritten with zeroes when
freed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/auth.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -1277,6 +1277,9 @@ int ssh_userauth_password(ssh_session session, goto fail; } + /* Set the buffer as secure to be explicitly zeroed when freed */ + ssh_buffer_set_secure(session->out_buffer); + session->auth.current_method = SSH_AUTH_METHOD_PASSWORD; session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD; |