===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.203
retrieving revision 1.204
diff -u -r1.203 -r1.204
--- src/usr.bin/ssh/sshconnect2.c	2014/01/31 16:39:19	1.203
+++ src/usr.bin/ssh/sshconnect2.c	2014/02/02 03:44:32	1.204
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.203 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -863,7 +863,7 @@
 	packet_put_cstring(authctxt->method->name);
 	packet_put_char(0);
 	packet_put_cstring(password);
-	memset(password, 0, strlen(password));
+	explicit_bzero(password, strlen(password));
 	free(password);
 	packet_add_padding(64);
 	packet_send();
@@ -909,7 +909,7 @@
 	    authctxt->server_user, host);
 	password = read_passphrase(prompt, 0);
 	packet_put_cstring(password);
-	memset(password, 0, strlen(password));
+	explicit_bzero(password, strlen(password));
 	free(password);
 	password = NULL;
 	while (password == NULL) {
@@ -926,16 +926,16 @@
 		    authctxt->server_user, host);
 		retype = read_passphrase(prompt, 0);
 		if (strcmp(password, retype) != 0) {
-			memset(password, 0, strlen(password));
+			explicit_bzero(password, strlen(password));
 			free(password);
 			logit("Mismatch; try again, EOF to quit.");
 			password = NULL;
 		}
-		memset(retype, 0, strlen(retype));
+		explicit_bzero(retype, strlen(retype));
 		free(retype);
 	}
 	packet_put_cstring(password);
-	memset(password, 0, strlen(password));
+	explicit_bzero(password, strlen(password));
 	free(password);
 	packet_add_padding(64);
 	packet_send();
@@ -1120,7 +1120,7 @@
 				debug2("no passphrase given, try next key");
 				quit = 1;
 			}
-			memset(passphrase, 0, strlen(passphrase));
+			explicit_bzero(passphrase, strlen(passphrase));
 			free(passphrase);
 			if (private != NULL || quit)
 				break;
@@ -1379,7 +1379,7 @@
 		response = read_passphrase(prompt, echo ? RP_ECHO : 0);
 
 		packet_put_cstring(response);
-		memset(response, 0, strlen(response));
+		explicit_bzero(response, strlen(response));
 		free(response);
 		free(prompt);
 	}
@@ -1549,7 +1549,7 @@
 	packet_put_cstring(chost);
 	packet_put_cstring(authctxt->local_user);
 	packet_put_string(signature, slen);
-	memset(signature, 's', slen);
+	explicit_bzero(signature, slen);
 	free(signature);
 	free(chost);
 	free(pkalg);