Hi,

In the one-time password case we want to wipe the hash itself
before exit, right?

This must have slipped through when tedu@ patiently rewrote
and committed my botched patch a little while back.

--
Scott Cheloha

P.S. I didn't botch it this time, right?

Index: usr.bin/lock/lock.c
===================================================================
RCS file: /cvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.40
diff -u -p -r1.40 lock.c
--- usr.bin/lock/lock.c 8 Jul 2017 22:27:17 -0000       1.40
+++ usr.bin/lock/lock.c 31 Aug 2017 01:41:09 -0000
@@ -211,7 +211,7 @@ main(int argc, char *argv[])
                        }
                } else if (crypt_checkpass(s, hash) == 0) {
                        explicit_bzero(s, sizeof(s));
-                       explicit_bzero(s1, sizeof(s1));
+                       explicit_bzero(hash, sizeof(hash));
                        break;
                }
                putc('\a', stderr);
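Review bot: In the crypt_checkpass() success branch, the wipe of s1 is dropped rather than the hash wipe being added alongside it, and nothing in the visible context shows that s1 is empty when this branch runs. If s1 can still hold typed input at this point, keep `explicit_bzero(s1, sizeof(s1));` and add `explicit_bzero(hash, sizeof(hash));` after it; if s1 is never filled in this mode, say so in the commit message. Also confirm that hash is declared as a char array in main() and not as a pointer, since the declaration is outside this hunk and sizeof on a pointer would clear only pointer-size bytes.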
