From 69d214b51963ab91e9861665b86523a769a7907a Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Sun, 16 Nov 2025 16:19:27 -0600
Subject: [PATCH] krb5: _krb5_pk_octetstring2key() fails to clear keydata

---
 lib/krb5/crypto-pk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/crypto-pk.c b/lib/krb5/crypto-pk.c
index 24a07cdbd..a98d908ab 100644
--- a/lib/krb5/crypto-pk.c
+++ b/lib/krb5/crypto-pk.c
@@ -97,7 +97,7 @@ _krb5_pk_octetstring2key(krb5_context context,
     EVP_MD_CTX_destroy(m);
 
     ret = krb5_random_to_key(context, type, keydata, keylen, key);
-    memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));
+    memset_s(keydata, keylen, 0, keylen);
     free(keydata);
     return ret;
 }
@@ -288,7 +288,7 @@ _krb5_pk_kdf(krb5_context context,
     free(other.data);
 
     ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
-    memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));
+    memset_s(keydata, keylen, 0, keylen);
     free(keydata);
 
     return ret;