diff --git a/appl/su/su.c b/appl/su/su.c index 531bcdb61..488fd099c 100644 --- a/appl/su/su.c +++ b/appl/su/su.c @@ -303,7 +303,7 @@ verify_unix(struct passwd *login, struct passwd *su) if(r != 0) exit(0); pw = crypt(pw_buf, su->pw_passwd); - memset(pw_buf, 0, sizeof(pw_buf)); + memset_s(pw_buf, sizeof(pw_buf), 0, sizeof(pw_buf)); if(strcmp(pw, su->pw_passwd) != 0) { syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password", login->pw_name, su->pw_name); diff --git a/kadmin/cpw.c b/kadmin/cpw.c index 425575d89..28cd30b52 100644 --- a/kadmin/cpw.c +++ b/kadmin/cpw.c @@ -76,7 +76,7 @@ set_random_password (krb5_principal principal, int keepold) printf ("%s's password set to \"%s\"\n", princ_name, pw); free (princ_name); } - memset (pw, 0, sizeof(pw)); + memset_s(pw, sizeof(pw), 0, sizeof(pw)); return ret; } @@ -108,7 +108,7 @@ set_password (krb5_principal principal, char *password, int keepold) if(ret == 0) ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL, password); - memset(pwbuf, 0, sizeof(pwbuf)); + memset_s(pwbuf, sizeof(pwbuf), 0, sizeof(pwbuf)); return ret; } diff --git a/kadmin/random_password.c b/kadmin/random_password.c index 970e99d34..93e5d761c 100644 --- a/kadmin/random_password.c +++ b/kadmin/random_password.c @@ -68,7 +68,7 @@ random_password(char *pw, size_t len) "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, "@$%&*()-+=:,/<>1234567890", 1); strlcpy(pw, pass, len); - memset(pass, 0, strlen(pass)); + memset_s(pass, sizeof(pass), 0, strlen(pass)); free(pass); #endif } @@ -155,7 +155,7 @@ generate_password(char **pw, int num_classes, ...) } } (*pw)[len] = '\0'; - memset(rbuf, 0, sizeof(rbuf)); + memset_s(rbuf, sizeof(rbuf), 0, sizeof(rbuf)); free(classes); } #endif diff --git a/kuser/kinit.c b/kuser/kinit.c index 174c4fe3c..dcb86bcf1 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c 
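Review bot: In `verify_unix` (appl/su/su.c) the result of `crypt()` goes straight into `strcmp(pw, su->pw_passwd)`, but `crypt()` can return NULL, for example on an unsupported or malformed salt, and the comparison would then dereference a null pointer. A guard such as `if(pw == NULL || strcmp(pw, su->pw_passwd) != 0) {` keeps that failure on the existing "incorrect password" path. The function starts and ends outside the hunk.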
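Review bot: In `random_password` (kadmin/random_password.c) the new call `memset_s(pass, sizeof(pass), 0, strlen(pass))` passes the size of a pointer as `smax`, since `pass` is freed on the next line and is therefore heap storage, not an array. Under C11 Annex K semantics a count larger than `smax` is a runtime-constraint violation and at most `smax` bytes are cleared, so a generated password longer than a pointer would stay largely intact in freed memory; how the project's own `memset_s` treats this case should be checked. Compute the length once and use it for both arguments, e.g. `size_t n = strlen(pass); memset_s(pass, n, 0, n);`. The same pattern appears in `DES3_string_to_key` in lib/krb5/salt-des3.c as `memset_s(str, sizeof(str), 0, len)`, which should be `memset_s(str, len, 0, len)` like the error path earlier in that function.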
@@ -677,7 +677,7 @@ get_new_tickets(krb5_context context, if (ntlm_domain && passwd[0]) heim_ntlm_nt_key(passwd, &ntlmkey); #endif - memset(passwd, 0, sizeof(passwd)); + memset_s(passwd, sizeof(passwd), 0, sizeof(passwd)); switch(ret){ case 0: diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c index 0aa2da080..d88ec4cdd 100644 --- a/lib/gssapi/krb5/arcfour.c +++ b/lib/gssapi/krb5/arcfour.c @@ -304,7 +304,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, EVP_Cipher(&rc4_key, p, p, 8); EVP_CIPHER_CTX_cleanup(&rc4_key); - memset(k6_data, 0, sizeof(k6_data)); + memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data)); *minor_status = 0; return GSS_S_COMPLETE; @@ -389,7 +389,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, else cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); - memset(SND_SEQ, 0, sizeof(SND_SEQ)); + memset_s(SND_SEQ, sizeof(SND_SEQ), 0, sizeof(SND_SEQ)); if (cmp != 0) { *minor_status = 0; return GSS_S_BAD_MIC; @@ -516,7 +516,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, ret = arcfour_mic_key(context, &Klocal, p0 + 8, 4, /* SND_SEQ */ k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (ret) { _gsskrb5_release_buffer(minor_status, output_message_buffer); *minor_status = ret; @@ -550,7 +550,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); EVP_CIPHER_CTX_cleanup(&rc4_key); - memset(k6_data, 0, sizeof(k6_data)); + memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data)); } if (conf_state) 
@@ -650,7 +650,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8); EVP_CIPHER_CTX_cleanup(&rc4_key); - memset(k6_data, 0, sizeof(k6_data)); + memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data)); } _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number); @@ -678,7 +678,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, ret = arcfour_mic_key(context, &Klocal, SND_SEQ, 4, k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (ret) { *minor_status = ret; return GSS_S_FAILURE; @@ -1069,7 +1069,7 @@ _gssapi_wrap_iov_arcfour(OM_uint32 *minor_status, kret = arcfour_mic_key(context, &Klocal, p0 + 8, 4, /* SND_SEQ */ k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (kret) { *minor_status = kret; major_status = GSS_S_FAILURE; @@ -1300,7 +1300,7 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status, snd_seq, 4, k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (kret) { *minor_status = kret; return GSS_S_FAILURE; diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c index 643385d9e..d9cf9d700 100644 --- a/lib/gssapi/krb5/get_mic.c +++ b/lib/gssapi/krb5/get_mic.c @@ -121,8 +121,8 @@ mic_des ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); + memset_s(deskey, sizeof(deskey), 0, sizeof(deskey)); + memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule)); *minor_status = 0; return GSS_S_COMPLETE; diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index 9968ce403..7070f3de4 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c 
@@ -89,8 +89,8 @@ verify_mic_des DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); if (ct_memcmp (p - 8, hash, 8) != 0) { - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); + memset_s(deskey, sizeof(deskey), 0, sizeof(deskey)); + memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule)); return GSS_S_BAD_MIC; } @@ -105,8 +105,8 @@ verify_mic_des EVP_Cipher(&des_ctx, p, p, 8); EVP_CIPHER_CTX_cleanup(&des_ctx); - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); + memset_s(deskey, sizeof(deskey), 0, sizeof(deskey)); + memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule)); seq = p; _gsskrb5_decode_om_uint32(seq, &seq_number); diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c index 27530328f..53a07dd80 100644 --- a/lib/gssapi/ntlm/init_sec_context.c +++ b/lib/gssapi/ntlm/init_sec_context.c @@ -72,11 +72,11 @@ from_file(const char *fn, const char *target_domain, heim_ntlm_nt_key(p, key); - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); fclose(f); return 0; } - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); fclose(f); return ENOENT; } @@ -463,7 +463,7 @@ _gss_ntlm_init_sec_context ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2), &sessionkey, &type3.sessionkey); - memset(ntlmv2, 0, sizeof(ntlmv2)); + memset_s(ntlmv2, sizeof(ntlmv2), 0, sizeof(ntlmv2)); if (ret) { _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); diff --git a/lib/hcrypto/md2.c b/lib/hcrypto/md2.c index 25341a93b..da41e6d83 100644 --- a/lib/hcrypto/md2.c +++ b/lib/hcrypto/md2.c @@ -90,7 +90,7 @@ calc(struct md2 *m, const void *v) } memcpy(m->state, x, 16); - memset(x, 0, sizeof(x)); + memset_s(x, sizeof(x), 0, sizeof(x)); } int diff --git a/lib/hcrypto/rand-fortuna.c b/lib/hcrypto/rand-fortuna.c index 529bf8f30..2082f35ec 100644 --- a/lib/hcrypto/rand-fortuna.c +++ b/lib/hcrypto/rand-fortuna.c 
@@ -159,7 +159,7 @@ md_result(MD_CTX * ctx, unsigned char *dst) memcpy(&tmp, ctx, sizeof(*ctx)); SHA256_Final(dst, &tmp); - memset(&tmp, 0, sizeof(tmp)); + memset_s(&tmp, sizeof(tmp), 0, sizeof(tmp)); } /* @@ -234,7 +234,7 @@ enough_time_passed(FState * st) if (ok) memcpy(last, &tv, sizeof(tv)); - memset(&tv, 0, sizeof(tv)); + memset_s(&tv, sizeof(tv), 0, sizeof(tv)); return ok; } @@ -284,8 +284,8 @@ reseed(FState * st) /* use new key */ ciph_init(&st->ciph, st->key, BLOCK); - memset(&key_md, 0, sizeof(key_md)); - memset(buf, 0, BLOCK); + memset_s(&key_md, sizeof(key_md), 0, sizeof(key_md)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); } /* @@ -335,8 +335,8 @@ add_entropy(FState * st, const unsigned char *data, unsigned len) if (pos == 0) st->pool0_bytes += len; - memset(hash, 0, BLOCK); - memset(&md, 0, sizeof(md)); + memset_s(hash, sizeof(hash), 0, sizeof(hash)); + memset_s(&md, sizeof(hash), 0, sizeof(md)); } /* @@ -372,7 +372,7 @@ startup_tricks(FState * st) encrypt_counter(st, buf + CIPH_BLOCK); md_update(&st->pool[i], buf, BLOCK); } - memset(buf, 0, BLOCK); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); /* Hide the key. */ rekey(st); @@ -468,7 +468,7 @@ fortuna_reseed(void) if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) { add_entropy(&main_state, buf, sizeof(buf)); entropy_p = 1; - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); } } #endif @@ -509,7 +509,7 @@ fortuna_reseed(void) close(fd); } - memset(&u, 0, sizeof(u)); + memset_s(&u, sizeof(u), 0, sizeof(u)); entropy_p = 1; /* sure about this ? */ } @@ -593,7 +593,7 @@ fortuna_cleanup(void) init_done = 0; have_entropy = 0; - memset(&main_state, 0, sizeof(main_state)); + memset_s(&main_state, sizeof(main_state), 0, sizeof(main_state)); HEIMDAL_MUTEX_unlock(&fortuna_mutex); } diff --git a/lib/hdb/mkey.c b/lib/hdb/mkey.c index 8265776bf..cfc27d424 100644 --- a/lib/hdb/mkey.c +++ b/lib/hdb/mkey.c 
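Review bot: In `add_entropy` the call `memset_s(&md, sizeof(hash), 0, sizeof(md))` gives the size of a different object as `smax`. If `md` is larger than `hash` (likely for a digest context versus a digest output, though neither declaration is visible in the hunk), the count exceeds `smax` and the context is not fully cleared under Annex K semantics. It should read `memset_s(&md, sizeof(md), 0, sizeof(md));`. `krb5_get_init_creds_password` in lib/krb5/init_creds_pw.c has the same slip, `memset_s(buf2, sizeof(buf), 0, sizeof(buf2))`, which should use `sizeof(buf2)` for both arguments. Separately, the switch from `BLOCK` to `sizeof(buf)` and `sizeof(hash)` in `reseed`, `add_entropy` and `startup_tricks` is only equivalent if those are arrays of `BLOCK` bytes, which the hunks do not show.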
@@ -226,7 +226,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, } ret = decode_EncryptionKey(buf, len, &key, &ret_len); - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); if(ret) return ret; @@ -279,7 +279,7 @@ read_master_krb4(krb5_context context, const char *filename, memset(&key, 0, sizeof(key)); key.keytype = ETYPE_DES_PCBC_NONE; ret = krb5_data_copy(&key.keyvalue, buf, len); - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); if(ret) return ret; diff --git a/lib/hx509/ks_file.c b/lib/hx509/ks_file.c index 642dd173b..d7726f084 100644 --- a/lib/hx509/ks_file.c +++ b/lib/hx509/ks_file.c @@ -126,10 +126,10 @@ try_decrypt(hx509_context context, &clear, NULL); - memset(clear.data, 0, clear.length); + memset_s(clear.data, clear.length, 0, clear.length); free(clear.data); out: - memset(key, 0, keylen); + memset_s(key, keylen, 0, keylen); free(key); return ret; } @@ -292,7 +292,7 @@ parse_pem_private_key(hx509_context context, const char *fn, ret = try_decrypt(context, c, ai, cipher, ivdata, password, strlen(password), data, len); /* XXX add password to lock password collection ? */ - memset(password, 0, sizeof(password)); + memset_s(password, sizeof(password), 0, sizeof(password)); } free(ivdata); diff --git a/lib/krb5/crypto-arcfour.c b/lib/krb5/crypto-arcfour.c index e195bd3a0..ae576eccf 100644 --- a/lib/krb5/crypto-arcfour.c +++ b/lib/krb5/crypto-arcfour.c @@ -180,9 +180,9 @@ ARCFOUR_subencrypt(krb5_context context, EVP_Cipher(&ctx, cdata + 16, cdata + 16, len - 16); EVP_CIPHER_CTX_cleanup(&ctx); - memset (k1_c_data, 0, sizeof(k1_c_data)); - memset (k2_c_data, 0, sizeof(k2_c_data)); - memset (k3_c_data, 0, sizeof(k3_c_data)); + memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data)); + memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data)); + memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data)); return 0; } 
@@ -247,9 +247,9 @@ ARCFOUR_subdecrypt(krb5_context context, if (ret) krb5_abortx(context, "hmac failed"); - memset (k1_c_data, 0, sizeof(k1_c_data)); - memset (k2_c_data, 0, sizeof(k2_c_data)); - memset (k3_c_data, 0, sizeof(k3_c_data)); + memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data)); + memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data)); + memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data)); if (ct_memcmp (cksum.checksum.data, data, 16) != 0) { krb5_clear_error_message (context); diff --git a/lib/krb5/crypto-des-common.c b/lib/krb5/crypto-des-common.c index 2565914de..95f6389d1 100644 --- a/lib/krb5/crypto-des-common.c +++ b/lib/krb5/crypto-des-common.c @@ -77,7 +77,7 @@ _krb5_des_checksum(krb5_context context, EVP_DigestUpdate(m, data, len); EVP_DigestFinal_ex (m, p + 8, NULL); EVP_MD_CTX_destroy(m); - memset (&ivec, 0, sizeof(ivec)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); EVP_Cipher(&ctx->ectx, p, p, 24); @@ -103,7 +103,7 @@ _krb5_des_verify(krb5_context context, if (m == NULL) return krb5_enomem(context); - memset(&ivec, 0, sizeof(ivec)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); @@ -116,8 +116,8 @@ _krb5_des_verify(krb5_context context, krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); + memset_s(tmp, sizeof(tmp), 0, sizeof(tmp)); + memset_s(res, sizeof(res), 0, sizeof(res)); return ret; } diff --git a/lib/krb5/crypto-pk.c b/lib/krb5/crypto-pk.c index c5d87a1b5..24a07cdbd 100644 --- a/lib/krb5/crypto-pk.c +++ b/lib/krb5/crypto-pk.c 
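Review bot: The `memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec))` calls in `_krb5_des_checksum` and `_krb5_des_verify` (lib/krb5/crypto-des-common.c) initialise a zero IV that is handed to `EVP_CipherInit_ex` on the next line; they are not wiping a secret. Using the scrubbing primitive for plain initialisation makes it harder to audit which calls are security-relevant, so I would keep `memset` there or add a comment such as `/* all-zero IV, not a secret wipe */`. The `memset_s` calls that follow `free_AS_REQ` and `free_METHOD_DATA` in lib/krb5/init_creds_pw.c appear to be the same kind of reset-for-reuse.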
@@ -92,12 +92,12 @@ _krb5_pk_octetstring2key(krb5_context context, offset += sizeof(shaoutput); counter++; } while(offset < keylen); - memset(shaoutput, 0, sizeof(shaoutput)); + memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput)); EVP_MD_CTX_destroy(m); ret = krb5_random_to_key(context, type, keydata, keylen, key); - memset(keydata, 0, sizeof(keylen)); + memset_s(keydata, sizeof(keylen), 0, sizeof(keylen)); free(keydata); return ret; } @@ -282,13 +282,13 @@ _krb5_pk_kdf(krb5_context context, offset += EVP_MD_CTX_size(m); counter++; } while(offset < keylen); - memset(shaoutput, 0, sizeof(shaoutput)); + memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput)); EVP_MD_CTX_destroy(m); free(other.data); ret = krb5_random_to_key(context, enctype, keydata, keylen, key); - memset(keydata, 0, sizeof(keylen)); + memset_s(keydata, sizeof(keylen), 0, sizeof(keylen)); free(keydata); return ret; diff --git a/lib/krb5/deprecated.c b/lib/krb5/deprecated.c index e3c142d88..5530e841b 100644 --- a/lib/krb5/deprecated.c +++ b/lib/krb5/deprecated.c @@ -207,7 +207,7 @@ krb5_password_key_proc (krb5_context context, password = buf; } ret = krb5_string_to_key_salt (context, type, password, salt, *key); - memset (buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); return ret; } diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 1eece1760..e1dacc25f 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -162,7 +162,9 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) if (ctx->keytab_data) free(ctx->keytab_data); if (ctx->password) { - memset(ctx->password, 0, strlen(ctx->password)); + size_t len; + len = strlen(ctx->password); + memset_s(ctx->password, len, 0, len); free(ctx->password); } /* 
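Review bot: `memset_s(keydata, sizeof(keylen), 0, sizeof(keylen))` in `_krb5_pk_octetstring2key` clears only as many bytes as the length variable's type occupies. It does not clear the `keylen` bytes of derived key material just passed to `krb5_random_to_key`, so most of the buffer reaches `free()` intact. The `sizeof(keylen)` predates this commit, which carried it over, but the conversion is the natural place to fix it: `memset_s(keydata, keylen, 0, keylen);`. `_krb5_pk_kdf` further down the same file has the identical line.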
@@ -189,7 +191,7 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) free_paid(context, ctx->ppaid); free(ctx->ppaid); } - memset(ctx, 0, sizeof(*ctx)); + memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx)); } static int @@ -629,8 +631,8 @@ change_password (krb5_context context, } out: - memset (buf1, 0, sizeof(buf1)); - memset (buf2, 0, sizeof(buf2)); + memset_s(buf1, sizeof(buf1), 0, sizeof(buf1)); + memset_s(buf2, sizeof(buf2), 0, sizeof(buf2)); krb5_data_free (&result_string); krb5_data_free (&result_code_string); krb5_free_cred_contents (context, &cpw_cred); @@ -756,7 +758,7 @@ init_as_req (krb5_context context, return 0; fail: free_AS_REQ(a); - memset(a, 0, sizeof(*a)); + memset_s(a, sizeof(*a), 0, sizeof(*a)); return ret; } @@ -1501,7 +1503,9 @@ krb5_init_creds_set_password(krb5_context context, const char *password) { if (ctx->password) { - memset(ctx->password, 0, strlen(ctx->password)); + size_t len; + len = strlen(ctx->password); + memset_s(ctx->password, len, 0, len); free(ctx->password); } if (password) { @@ -2317,7 +2321,7 @@ krb5_init_creds_step(krb5_context context, if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) { free_METHOD_DATA(&ctx->md); - memset(&ctx->md, 0, sizeof(ctx->md)); + memset_s(&ctx->md, sizeof(ctx->md), 0, sizeof(ctx->md)); if (ctx->error.e_data) { ret = decode_METHOD_DATA(ctx->error.e_data->data, @@ -2371,7 +2375,7 @@ krb5_init_creds_step(krb5_context context, } free_AS_REQ(&ctx->as_req); - memset(&ctx->as_req, 0, sizeof(ctx->as_req)); + memset_s(&ctx->as_req, sizeof(ctx->as_req), 0, sizeof(ctx->as_req)); ctx->used_pa_types = 0; } else if (ret == KRB5KDC_ERR_KEY_EXP && ctx->runflags.change_password == 0 && ctx->prompter) { @@ -2685,7 +2689,7 @@ krb5_get_init_creds_password(krb5_context context, ret = (*prompter) (context, data, NULL, NULL, 1, &prompt); free (q); if (ret) { - memset (buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); ret = KRB5_LIBOS_PWDINTR; krb5_clear_error_message (context); goto out; 
@@ -2741,8 +2745,8 @@ krb5_get_init_creds_password(krb5_context context, if (ctx) krb5_init_creds_free(context, ctx); - memset(buf, 0, sizeof(buf)); - memset(buf2, 0, sizeof(buf2)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); + memset_s(buf2, sizeof(buf), 0, sizeof(buf2)); return ret; } diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index 557dc5fe4..8e1dfff2d 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -224,7 +224,7 @@ kcm_free(krb5_context context, krb5_ccache *id) if (k != NULL) { if (k->name != NULL) free(k->name); - memset(k, 0, sizeof(*k)); + memset_s(k, sizeof(*k), 0, sizeof(*k)); krb5_data_free(&(*id)->data); } } diff --git a/lib/krb5/salt-des.c b/lib/krb5/salt-des.c index afcff675b..d898d6c20 100644 --- a/lib/krb5/salt-des.c +++ b/lib/krb5/salt-des.c @@ -109,7 +109,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, memset(&schedule, 0, sizeof(schedule)); memset(&temp_key, 0, sizeof(temp_key)); memset(&ivec, 0, sizeof(ivec)); - memset(password, 0, sizeof(password)); + memset_s(password, sizeof(password), 0, sizeof(password)); DES_set_odd_parity (key); } diff --git a/lib/krb5/salt-des3.c b/lib/krb5/salt-des3.c index 342bba0d0..c4d2d7556 100644 --- a/lib/krb5/salt-des3.c +++ b/lib/krb5/salt-des3.c @@ -61,7 +61,7 @@ DES3_string_to_key(krb5_context context, ret = _krb5_n_fold(str, len, tmp, 24); if (ret) { - memset(str, 0, len); + memset_s(str, len, 0, len); free(str); krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; 
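Review bot: In `krb5_DES_AFS3_Transarc_string_to_key` (lib/krb5/salt-des.c) only `password` was converted; the three preceding lines still clear `schedule`, `temp_key` and `ivec` with plain `memset`, which the compiler may drop as dead stores. Going by their names, `schedule` and `temp_key` hold key material, so they should get the same treatment: `memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));` and `memset_s(&temp_key, sizeof(temp_key), 0, sizeof(temp_key));`. The declarations are outside the hunk, so confirm they are locals that are not read again afterwards.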
@@ -74,24 +74,24 @@ DES3_string_to_key(krb5_context context, _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); DES_set_key_unchecked(keys + i, &s[i]); } - memset(&ivec, 0, sizeof(ivec)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); DES_ede3_cbc_encrypt(tmp, tmp, sizeof(tmp), &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); - memset(s, 0, sizeof(s)); - memset(&ivec, 0, sizeof(ivec)); + memset_s(s, sizeof(s), 0, sizeof(s)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); DES_set_odd_parity(keys + i); if(DES_is_weak_key(keys + i)) _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } - memset(tmp, 0, sizeof(tmp)); + memset_s(tmp, sizeof(tmp), 0, sizeof(tmp)); } key->keytype = enctype; krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); - memset(keys, 0, sizeof(keys)); - memset(str, 0, len); + memset_s(keys, sizeof(keys), 0, sizeof(keys)); + memset_s(str, sizeof(str), 0, len); free(str); return 0; } @@ -119,7 +119,7 @@ DES3_string_to_key_derived(krb5_context context, len, enctype, key); - memset(s, 0, len); + memset_s(s, len, 0, len); free(s); return ret; } diff --git a/lib/ntlm/ntlm.c b/lib/ntlm/ntlm.c index 7ec0181ff..42dd09bed 100644 --- a/lib/ntlm/ntlm.c +++ b/lib/ntlm/ntlm.c @@ -1192,7 +1192,7 @@ splitandenc(unsigned char *hash, EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1); EVP_Cipher(&ctx, answer, challenge, 8); EVP_CIPHER_CTX_cleanup(&ctx); - memset(key, 0, sizeof(key)); + memset_s(key, sizeof(key), 0, sizeof(key)); } /**