From 244158ab2eef4180a9ccb8a5cafcef6c7d71902e Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sat, 10 May 2014 01:25:07 -0700
Subject: [PATCH] pwhash: return a zeroed output buffer on error paths.

---
 .../scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c        | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c b/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c
index ed410ba2..de33dd99 100644
--- a/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c
+++ b/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c
@@ -74,6 +74,7 @@ crypto_pwhash_scryptxsalsa208sha256(unsigned char * const out,
     uint32_t p;
     uint32_t r;
 
+    memset(out, 0, outlen);
     if (passwdlen > SIZE_MAX || outlen > SIZE_MAX) {
         errno = EFBIG;
         return -1;
@@ -103,6 +104,7 @@ crypto_pwhash_scryptxsalsa208sha256_str(char out[crypto_pwhash_scryptxsalsa208sh
     uint32_t        p;
     uint32_t        r;
 
+    memset(out, 0, crypto_pwhash_scryptxsalsa208sha256_STRBYTES);
     if (passwdlen > SIZE_MAX) {
         errno = EFBIG;
         return -1;