From ae5c8cccaf04d4394448713220dfc56c9a013358 Mon Sep 17 00:00:00 2001
From: Antoine Jacoutot
Date: Sat, 10 Oct 2015 09:29:57 +0200
Subject: [PATCH] Sync with OpenBSD: Use explicit_bzero() instead of memset() for zeroing out secrets.
---
 login_passwd/login.c | 1 +
 login_passwd/login_passwd.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/login_passwd/login.c b/login_passwd/login.c
index 29a9fc9..d278d4a 100644
--- a/login_passwd/login.c
+++ b/login_passwd/login.c
@@ -159,6 +159,7 @@ main(int argc, char **argv)
 if (password != NULL)
 memset(password, 0, strlen(password));
+ explicit_bzero(password, strlen(password));
 if (ret != AUTH_OK)
 fprintf(back, BI_REJECT "\n");
diff --git a/login_passwd/login_passwd.c b/login_passwd/login_passwd.c
index f646d89..f31e05c 100644
--- a/login_passwd/login_passwd.c
+++ b/login_passwd/login_passwd.c
@@ -54,7 +54,7 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
 if (crypt_checkpass(password, goodhash) == 0)
 passok = 1;
 plen = strlen(password);
- memset(password, 0, plen);
+ explicit_bzero(password, plen);
 if (!passok)
 return (AUTH_FAILED);
-- 
2.11.4.GIT
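Review bot: In the `login.c` hunk the added `explicit_bzero(password, strlen(password));` follows the `memset` instead of replacing it: the `memset` line is kept as context (the diffstat shows one insertion and no deletion for this file), so the unbraced `if (password != NULL)` still governs only `memset` and the new call runs unconditionally. `strlen(password)` is therefore evaluated even when `password` is NULL, and when it is non-NULL the preceding `memset` has already zeroed the first byte, so `strlen` returns 0 and `explicit_bzero` clears nothing; the wipe still rests on a `memset` that the compiler may elide. The new line should take the place of the `memset` as the guarded statement, matching what the `login_passwd.c` hunk does: `if (password != NULL)` followed by `explicit_bzero(password, strlen(password));`. The body of `main` starts and ends outside the hunk, so whether `password` can actually be NULL at this point is not visible here, though the existing guard suggests it can.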