Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 8057eb1fe14e..a40198ab5887 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.155 2020/03/16 02:17:02 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@ static char *default_files[] = {
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 /* Default lifetime (0 == forever) */
-static int lifetime = 0;
+static long lifetime = 0;
 /* User has to confirm key use */
 static int confirm = 0;
@@ -105,8 +105,7 @@ static void
 clear_pass(void)
 {
 if (pass) {
- explicit_bzero(pass, strlen(pass));
- free(pass);
+ freezero(pass, strlen(pass));
 pass = NULL;
 }
 }
@@ -328,7 +327,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
 filename, comment);
 if (lifetime != 0) {
 fprintf(stderr,
- "Lifetime set to %d seconds\n", lifetime);
+ "Lifetime set to %ld seconds\n", lifetime);
 }
 if (confirm != 0) {
 fprintf(stderr, "The user must confirm "
@@ -384,7 +383,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
 fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
 private->cert->key_id);
 if (lifetime != 0) {
- fprintf(stderr, "Lifetime set to %d seconds\n",
+ fprintf(stderr, "Lifetime set to %ld seconds\n",
 lifetime);
 }
 if (confirm != 0) {
@@ -521,8 +520,7 @@ lock_agent(int agent_fd, int lock)
 fprintf(stderr, "Passwords do not match.\n");
 passok = 0;
 }
- explicit_bzero(p2, strlen(p2));
- free(p2);
+ freezero(p2, strlen(p2));
 }
 if (passok) {
 if ((r = ssh_lock_agent(agent_fd, lock, p1)) == 0) {
@@ -533,8 +531,7 @@ lock_agent(int agent_fd, int lock)
 lock ? "" : "un", ssh_err(r));
 }
 }
- explicit_bzero(p1, strlen(p1));
- free(p1);
+ freezero(p1, strlen(p1));
 return (ret);
 }
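Review bot: The comment above `static long lifetime` in the hunk at line 90 still reads only "Default lifetime (0 == forever)" and gives neither the unit nor the range the variable may hold now that it is a `long`. The messages in add_file() and load_resident_keys() print it as seconds with `%ld`, and the `-t` case in main() rejects anything outside 0..UINT32_MAX, so the comment could read `/* Default lifetime in seconds (0 == forever); -t limits it to UINT32_MAX */`. Any call that later hands `lifetime` to a narrower parameter lies outside these hunks and is worth checking for an implicit conversion.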
@@ -571,7 +568,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
 sshkey_type(keys[i]), fp);
 if (lifetime != 0) {
 fprintf(stderr,
- "Lifetime set to %d seconds\n", lifetime);
+ "Lifetime set to %ld seconds\n", lifetime);
 }
 if (confirm != 0) {
 fprintf(stderr, "The user must confirm "
@@ -720,7 +717,8 @@ main(int argc, char **argv)
 pkcs11provider = optarg;
 break;
 case 't':
- if ((lifetime = convtime(optarg)) == -1) {
+ if ((lifetime = convtime(optarg)) == -1 ||
+ lifetime < 0 || (u_long)lifetime > UINT32_MAX) {
 fprintf(stderr, "Invalid lifetime\n");
 ret = 1;
 goto done; |
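Review bot: In the `-t` case of main() the new condition gives no reason for the UINT32_MAX limit, and its `== -1` test is already covered by `lifetime < 0`. The limit is security-relevant: the file's own comment says a lifetime of 0 means forever, so a value that wrapped when narrowed to 32 bits could keep a key loaded longer than the user asked for; where that narrowing would happen is not visible in this hunk. I would reduce the test to `if ((lifetime = convtime(optarg)) < 0 ||` followed by `(u_long)lifetime > UINT32_MAX) {` and put `/* lifetime must fit in 32 bits; 0 means forever, so a wrapped value must not be accepted */` above it. main() starts and ends outside the hunk.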