From 50990d61cf000cc8e241f9825977e8176824705d Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Tue, 16 Mar 2010 10:04:20 -0700
Subject: [PATCH] free always "ctx->password" when it isn't needed anymore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
---
 lib/krb5/init_creds_pw.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 906f926eb..1921bc167 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -136,6 +136,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
 	free(ctx->in_tkt_service);
     if (ctx->keytab_data)
 	free(ctx->keytab_data);
+    if (ctx->password) {
+	memset(ctx->password, 0, strlen(ctx->password));
+	free(ctx->password);
+    }
     krb5_data_free(&ctx->req_buffer);
     krb5_free_cred_contents(context, &ctx->cred);
     free_METHOD_DATA(&ctx->md);
@@ -1431,8 +1435,10 @@ krb5_init_creds_set_password(krb5_context context,
 			     krb5_init_creds_context ctx,
 			     const char *password)
 {
-    if (ctx->password)
+    if (ctx->password) {
 	memset(ctx->password, 0, strlen(ctx->password));
+	free(ctx->password);
+    }
     if (password) {
 	ctx->password = strdup(password);
 	if (ctx->password == NULL) {