oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

free always "ctx->password" when it isn't needed anymore

Browse Source 
Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
This commit is contained in:
Love Hornquist Astrand
2010-03-16 10:04:20 -07:00
parent 313a2243bb
commit 50990d61cf
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/krb5/init_creds_pw.c
View File

@@ -136,6 +136,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
free(ctx->in_tkt_service);
if (ctx->keytab_data)
free(ctx->keytab_data);
if (ctx->password) {
memset(ctx->password, 0, strlen(ctx->password));
free(ctx->password);
}
krb5_data_free(&ctx->req_buffer);
krb5_free_cred_contents(context, &ctx->cred);
free_METHOD_DATA(&ctx->md);
@@ -1431,8 +1435,10 @@ krb5_init_creds_set_password(krb5_context context,
krb5_init_creds_context ctx,
const char *password)
{
if (ctx->password)
if (ctx->password) {
memset(ctx->password, 0, strlen(ctx->password));
free(ctx->password);
}
if (password) {
ctx->password = strdup(password);
if (ctx->password == NULL) {