From: Rafael Sadowski <rafael@sizeofvoid.org>
Subject: relayd: use explicit_bzero in ssl_password_cb
To: tech@openbsd.org
Date: Fri, 15 May 2026 16:40:08 +0200

Hi,

The following diff replaces bzero with explicit_bzero in the SSL
password callback. Since ssl_password_cb handles sensitive data, a
standard bzero could be optimized away by the compiler.

Additionally, this ensures the buffer is cleared if strlcpy fails due to
truncation, preventing password fragments from lingering in memory.

OK?

Rafael

Index: ssl.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/ssl.c,v
diff -u -p -r1.38 ssl.c
--- ssl.c	2 Mar 2026 19:28:01 -0000	1.38
+++ ssl.c	15 May 2026 14:35:33 -0000
@@ -38,11 +38,13 @@ ssl_password_cb(char *buf, int size, int
 {
 	size_t	len;
 	if (u == NULL) {
-		bzero(buf, size);
+		explicit_bzero(buf, size);
 		return (0);
 	}
-	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
+	if ((len = strlcpy(buf, u, size)) >= (size_t)size) {
+		explicit_bzero(buf, size);
 		return (0);
+	}
 	return (len);
 }
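
Review bot: the truncation branch should carry a short comment saying why the buffer is wiped, because by the time the length check fails strlcpy has already copied up to size - 1 bytes of the password into buf, and that reasoning is currently only in the mail. A one-line comment such as /* strlcpy already copied a truncated password */ above the new explicit_bzero(buf, size) would do. In the u == NULL branch this function has written nothing to buf, so the swap there is for consistency rather than to clear a secret it placed. Both explicit_bzero calls also pass the int size into a size_t length implicitly, while the comparison casts it with (size_t)size; a matching cast would keep the conversion visible.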