From 2d1428b11c8b6f616f070f2ecedce12328526944 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 4 Oct 2018 00:04:41 +0000
Subject: upstream: explicit_bzero here to be consistent with other kex*.c;

report from coolbugcheckers AT gmail.com

OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
---
 kexgexs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'kexgexs.c')

diff --git a/kexgexs.c b/kexgexs.c
index ce934f88..dc9c0bc6 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.35 2018/10/04 00:04:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -240,6 +240,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
  out:
+	explicit_bzero(hash, sizeof(hash));
 	DH_free(kex->dh);
 	kex->dh = NULL;
 	BN_clear_free(dh_client_pub);
-- 
cgit v1.2.3