diff options
| author | guido <guido@FreeBSD.org> | 1996-10-17 18:27:58 +0000 |
|---|---|---|
| committer | guido <guido@FreeBSD.org> | 1996-10-17 18:27:58 +0000 |
| commit | 389ebaa4bfce63608aa7efa5d9130002ccfe764e (patch) | |
| tree | 3c5900e5c782301de49dc42e0a6431c496957235 /lib/libc/db | |
| parent | 1647f577a7ae13895a17f67dc7ea5f15b1c1a4e6 (diff) | |
| download | FreeBSD-src-389ebaa4bfce63608aa7efa5d9130002ccfe764e.zip FreeBSD-src-389ebaa4bfce63608aa7efa5d9130002ccfe764e.tar.gz | |
When freeing buffers in the db routines, also zeroize them
This should solve the bug where a coredumping ftpd reveals
encrypted passwords.
Obtained from: OpenBSD
Diffstat (limited to 'lib/libc/db')
| -rw-r--r-- | lib/libc/db/hash/hash_buf.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libc/db/hash/hash_buf.c b/lib/libc/db/hash/hash_buf.c index 92e1f93..b9cd490 100644 --- a/lib/libc/db/hash/hash_buf.c +++ b/lib/libc/db/hash/hash_buf.c @@ -331,8 +331,10 @@ __buf_free(hashp, do_free, to_disk) } /* Check if we are freeing stuff */ if (do_free) { - if (bp->page) + if (bp->page) { + (void)memset(bp->page, 0, hashp->BSIZE); free(bp->page); + } BUF_REMOVE(bp); free(bp); bp = LRU; |
