fix calls to memset_s

In random_password() and DES3_string_to_key(), do not call memset_s() with the sizeof a pointer. Change-Id: I7dd49b9f717e1cb5c262f2d375d2b85be82cd2db
2017-04-29 13:50:57 -04:00
parent 02ea07f93d
commit 029d32580a
2 changed files with 3 additions and 2 deletions
--- a/kadmin/random_password.c
+++ b/kadmin/random_password.c
@@ -68,7 +68,8 @@ random_password(char *pw, size_t len)
 		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2,
 		      "@$%&*()-+=:,/<>1234567890", 1);
    strlcpy(pw, pass, len);
-    memset_s(pass, sizeof(pass), 0, strlen(pass));
+    len = strlen(pass);
+    memset_s(pass, len, 0, len);
    free(pass);
 #endif
 }
--- a/lib/krb5/salt-des3.c
+++ b/lib/krb5/salt-des3.c
@@ -91,7 +91,7 @@ DES3_string_to_key(krb5_context context,
    key->keytype = enctype;
    krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
    memset_s(keys, sizeof(keys), 0, sizeof(keys));
-    memset_s(str, sizeof(str), 0, len);
+    memset_s(str, len, 0, len);
    free(str);
    return 0;
 }