From 4411448bfdefc0cd72edefafd071126cceaa8071 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Wed, 15 Apr 2020 08:58:27 +1000
Subject: [PATCH] krb5: always zero elastic storage

Elastic storage (returned from krb5_storage_emem()) often contains secret keys.
Ensure memory is zeroed on free using memset_s() rather than memset().
---
 lib/krb5/store_emem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/krb5/store_emem.c b/lib/krb5/store_emem.c
index 6d95bcf52..d3eef5b1e 100644
--- a/lib/krb5/store_emem.c
+++ b/lib/krb5/store_emem.c
@@ -139,7 +139,7 @@ static void
 emem_free(krb5_storage *sp)
 {
     emem_storage *s = sp->data;
-    memset(s->base, 0, s->len);
+    memset_s(s->base, s->len, 0, s->len);
     free(s->base);
 }