===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- src/usr.bin/doas/doas.c	2018/08/08 18:32:51	1.73
+++ src/usr.bin/doas/doas.c	2019/01/17 05:35:35	1.74
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.73 2018/08/08 18:32:51 deraadt Exp $ */
+/* $OpenBSD: doas.c,v 1.74 2019/01/17 05:35:35 tedu Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -226,6 +226,7 @@
 		errx(1, "a tty is required");
 	}
 	if (!auth_userresponse(as, response, 0)) {
+		explicit_bzero(rbuf, sizeof(rbuf));
 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
 		    "failed auth for %s", myname);
 		errx(1, "Authorization failed");