From 029d32580a3b04550ff736d8878d331dcfca864f Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sat, 29 Apr 2017 13:50:57 -0400
Subject: [PATCH] fix calls to memset_s

In random_password() and DES3_string_to_key(), do not call
memset_s() with the sizeof a pointer.

Change-Id: I7dd49b9f717e1cb5c262f2d375d2b85be82cd2db
---
 kadmin/random_password.c | 3 ++-
 lib/krb5/salt-des3.c     | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/kadmin/random_password.c b/kadmin/random_password.c
index 93e5d761c..bf8bf8b3f 100644
--- a/kadmin/random_password.c
+++ b/kadmin/random_password.c
@@ -68,7 +68,8 @@ random_password(char *pw, size_t len)
 		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2,
 		      "@$%&*()-+=:,/<>1234567890", 1);
     strlcpy(pw, pass, len);
-    memset_s(pass, sizeof(pass), 0, strlen(pass));
+    len = strlen(pass);
+    memset_s(pass, len, 0, len);
     free(pass);
 #endif
 }
diff --git a/lib/krb5/salt-des3.c b/lib/krb5/salt-des3.c
index c4d2d7556..8cb73cf46 100644
--- a/lib/krb5/salt-des3.c
+++ b/lib/krb5/salt-des3.c
@@ -91,7 +91,7 @@ DES3_string_to_key(krb5_context context,
     key->keytype = enctype;
     krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
     memset_s(keys, sizeof(keys), 0, sizeof(keys));
-    memset_s(str, sizeof(str), 0, len);
+    memset_s(str, len, 0, len);
     free(str);
     return 0;
 }