relayd: use explicit_bzero in ssl_password_cb
On Fri, 15 May 2026 16:40:08 +0200,
Rafael Sadowski <rafael@sizeofvoid.org> wrote:
>
> Hi,
>
> The following diff replaces bzero with explicit_bzero in the SSL
> password callback. Since ssl_password_cb handles sensitive data, a
> standard bzero could be optimized away by the compiler.
>
> Additionally, this ensures the buffer is cleared if strlcpy fails due to
> truncation, preventing password fragments from lingering in memory.
>
> OK?
>
Makes sense and reads OK kirill@
> Rafael
>
> Index: ssl.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/relayd/ssl.c,v
> diff -u -p -r1.38 ssl.c
> --- ssl.c 2 Mar 2026 19:28:01 -0000 1.38
> +++ ssl.c 15 May 2026 14:35:33 -0000
> @@ -38,11 +38,13 @@ ssl_password_cb(char *buf, int size, int
> {
> size_t len;
> if (u == NULL) {
> - bzero(buf, size);
> + explicit_bzero(buf, size);
> return (0);
> }
> - if ((len = strlcpy(buf, u, size)) >= (size_t)size)
> + if ((len = strlcpy(buf, u, size)) >= (size_t)size) {
> + explicit_bzero(buf, size);
> return (0);
> + }
> return (len);
> }
>
>
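Review bot: the new truncation branch after `strlcpy` deserves a one-line comment, because it is the only path where this function has already written password bytes (up to size - 1 of them) into `buf` before returning 0; in the `u == NULL` branch nothing from `u` has been copied, so the `explicit_bzero` there is a consistency change. Both calls also pass the `int size` as the `size_t` length, as the old `bzero` did, so a `size <= 0` check at the top of the function would make that conversion safe regardless of what the caller hands in.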
--
wbr, Kirill