From 102b3fa4c8bc36546cf54c2eff09cb3daed72558 Mon Sep 17 00:00:00 2001
From: Guido van Rooij <guido@FreeBSD.org>
Date: Thu, 17 Oct 1996 18:27:58 +0000
Subject: [PATCH] When freeing buffers in the db routines, also zeroize them
 This should solve the bug where a coredumping ftpd reveals encrypted
 passwords. Obtained from: OpenBSD

---
 lib/libc/db/hash/hash_buf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/libc/db/hash/hash_buf.c b/lib/libc/db/hash/hash_buf.c
index 92e1f933adb..b9cd4901112 100644
--- a/lib/libc/db/hash/hash_buf.c
+++ b/lib/libc/db/hash/hash_buf.c
@@ -331,8 +331,10 @@ __buf_free(hashp, do_free, to_disk)
 		}
 		/* Check if we are freeing stuff */
 		if (do_free) {
-			if (bp->page)
+			if (bp->page) {
+				(void)memset(bp->page, 0, hashp->BSIZE);
 				free(bp->page);
+			}
 			BUF_REMOVE(bp);
 			free(bp);
 			bp = LRU;