From 223d6caabd2ebaa8f0498a4e33b3418661173dad Mon Sep 17 00:00:00 2001
From: Kyle Evans <kevans@FreeBSD.org>
Date: Tue, 2 Mar 2021 21:38:37 -0600
Subject: [PATCH] init: use explicit_bzero() for clearing passwords

This is a nop in practice, because it cannot be proven that this
particular bzero() is not significant.  Make it explicit anyways, rather
than relying on an implementation detail of how the password is
collected.

Discussed with:	Andrew Gierth <andrew tao146 riddles org uk>

(cherry picked from commit 852f70b24043885f0e438e8fecedd482a9a96d5e)
---
 sbin/init/init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbin/init/init.c b/sbin/init/init.c
index c5f3c121f7f..943db9f26bd 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -908,7 +908,7 @@ single_user(void)
 				if (clear == NULL || *clear == '\0')
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
-				bzero(clear, _PASSWORD_LEN);
+				explicit_bzero(clear, _PASSWORD_LEN);
 				if (password != NULL &&
 				    strcmp(password, pp->pw_passwd) == 0)
 					break;