===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/bufaux.c,v
retrieving revision 1.55
retrieving revision 1.57
diff -u -r1.55 -r1.57
--- src/usr.bin/ssh/Attic/bufaux.c	2014/01/31 16:39:19	1.55
+++ src/usr.bin/ssh/Attic/bufaux.c	2014/04/16 23:22:45	1.57
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -344,7 +344,7 @@
 	}
 	ret = xmalloc(len);
 	memcpy(ret, p, len);
-	memset(p, '\0', len);
+	explicit_bzero(p, len);
 	free(bin);
 	return ret;
 }
@@ -370,6 +370,9 @@
 
 	if (l > 8 * 1024)
 		fatal("%s: length %u too long", __func__, l);
+	/* Skip leading zero bytes */
+	for (; l > 0 && *s == 0; l--, s++)
+		;
 	p = buf = xmalloc(l + 1);
 	/*
 	 * If most significant bit is set then prepend a zero byte to
@@ -381,7 +384,7 @@
 	}
 	memcpy(p, s, l);
 	buffer_put_string(buffer, buf, l + pad);
-	memset(buf, '\0', l + pad);
+	explicit_bzero(buf, l + pad);
 	free(buf);
 }