When freeing buffers in the db routines, also zeroize them

This should solve the bug where a coredumping ftpd reveals encrypted passwords. Obtained from: OpenBSD
1996-10-17 18:27:58 +00:00 · 1996-10-17 18:27:58 +00:00 · 102b3fa4c8
commit 102b3fa4c8
parent 0082fb4657
1 changed files with 3 additions and 1 deletions
--- a/lib/libc/db/hash/hash_buf.c
+++ b/lib/libc/db/hash/hash_buf.c
@ -331,8 +331,10 @@ __buf_free(hashp, do_free, to_disk)
 		}
 		/* Check if we are freeing stuff */
 		if (do_free) {
-			if (bp->page)
+			if (bp->page) {
+				(void)memset(bp->page, 0, hashp->BSIZE);
 				free(bp->page);
+			}
 			BUF_REMOVE(bp);
 			free(bp);
 			bp = LRU;