78b3381ef8
The original comment indicates that using `bzero()` directly may result in dead store elimination, so they explicitly avoided calling `bzero()` as you do now. `explicit_bzero` is used in cryptographic software to clear keys from process memory after use, even if that memory is not read any more afterwards. Maybe it would be safer like this? (I copied the approach from https://android.googlesource.com/platform/external/openssh/+/refs/tags/android-6.0.1_r70/openbsd-compat/explicit_bzero.c, so that should work on Android.) Caveat, I was hand-editing the diff and did not find time to set up the toolchain to build this; but the general approach should work? |
||
|---|---|---|
| .. | ||
| Makefile.in.patch | ||
| auth.c.patch | ||
| auth2-passwd.c.patch | ||
| build.sh | ||
| fix-hardcoded-paths.patch | ||
| hostfile.c.patch | ||
| misc_c.patch | ||
| mux.c.patch | ||
| no_loginrec.patch | ||
| no_tty_chmod.patch | ||
| openbsd-compat-explicit_bzero.c.patch | ||
| openbsd-compat-xcrypt.c.patch | ||
| servconf.c.patch | ||
| session.c.patch | ||
| sftp-server.c.patch | ||
| sftp-with-agent.sh | ||
| source-ssh-agent.sh | ||
| ssh-agent.c.patch | ||
| ssh-keygen.c.patch | ||
| ssh-with-agent.sh | ||
| sshd.c.patch | ||
| sshd_config.5.patch | ||