-/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
+#include "misc.h"
#include "servconf.h"
/* import */
if (change) {
/* discard new password from packet */
newpass = packet_get_string(&newlen);
- memset(newpass, 0, newlen);
- xfree(newpass);
+ explicit_bzero(newpass, newlen);
+ free(newpass);
}
packet_check_eom();
if (change)
logit("password change not supported");
+#if !defined(ANDROID)
+ /* no password authentication in Android */
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
- memset(password, 0, len);
- xfree(password);
+#endif
+ explicit_bzero(password, len);
+ free(password);
return authenticated;
}