use memset_s

lib roken includes support for memset_s() but it was not applied to the Heimdal source tree. Change-Id: I8362ec97a9be50205bb2d398e65b629b88ce1acd
2017-04-28 11:11:07 -04:00
parent 85acd57c8a
commit 93518bfab4
21 changed files with 80 additions and 76 deletions
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -162,7 +162,9 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
    if (ctx->keytab_data)
 	free(ctx->keytab_data);
    if (ctx->password) {
-	memset(ctx->password, 0, strlen(ctx->password));
+	size_t len;
+	len = strlen(ctx->password);
+	memset_s(ctx->password, len, 0, len);
 	free(ctx->password);
    }
    /*
@@ -189,7 +191,7 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
 	free_paid(context, ctx->ppaid);
 	free(ctx->ppaid);
    }
-    memset(ctx, 0, sizeof(*ctx));
+    memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));
 }

 static int
@@ -629,8 +631,8 @@ change_password (krb5_context context,
    }

 out:
-    memset (buf1, 0, sizeof(buf1));
-    memset (buf2, 0, sizeof(buf2));
+    memset_s(buf1, sizeof(buf1), 0, sizeof(buf1));
+    memset_s(buf2, sizeof(buf2), 0, sizeof(buf2));
    krb5_data_free (&result_string);
    krb5_data_free (&result_code_string);
    krb5_free_cred_contents (context, &cpw_cred);
@@ -756,7 +758,7 @@ init_as_req (krb5_context context,
    return 0;
 fail:
    free_AS_REQ(a);
-    memset(a, 0, sizeof(*a));
+    memset_s(a, sizeof(*a), 0, sizeof(*a));
    return ret;
 }

@@ -1501,7 +1503,9 @@ krb5_init_creds_set_password(krb5_context context,
 			     const char *password)
 {
    if (ctx->password) {
-	memset(ctx->password, 0, strlen(ctx->password));
+	size_t len;
+	len = strlen(ctx->password);
+	memset_s(ctx->password, len, 0, len);
 	free(ctx->password);
    }
    if (password) {
@@ -2317,7 +2321,7 @@ krb5_init_creds_step(krb5_context context,
 	    if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {

 	        free_METHOD_DATA(&ctx->md);
-	        memset(&ctx->md, 0, sizeof(ctx->md));
+		memset_s(&ctx->md, sizeof(ctx->md), 0, sizeof(ctx->md));

 		if (ctx->error.e_data) {
 		    ret = decode_METHOD_DATA(ctx->error.e_data->data,
@@ -2371,7 +2375,7 @@ krb5_init_creds_step(krb5_context context,
 		}

 		free_AS_REQ(&ctx->as_req);
-		memset(&ctx->as_req, 0, sizeof(ctx->as_req));
+		memset_s(&ctx->as_req, sizeof(ctx->as_req), 0, sizeof(ctx->as_req));

 		ctx->used_pa_types = 0;
 	    } else if (ret == KRB5KDC_ERR_KEY_EXP && ctx->runflags.change_password == 0 && ctx->prompter) {
@@ -2685,7 +2689,7 @@ krb5_get_init_creds_password(krb5_context context,
 	ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
 	free (q);
 	if (ret) {
-	    memset (buf, 0, sizeof(buf));
+	    memset_s(buf, sizeof(buf), 0, sizeof(buf));
 	    ret = KRB5_LIBOS_PWDINTR;
 	    krb5_clear_error_message (context);
 	    goto out;
@@ -2741,8 +2745,8 @@ krb5_get_init_creds_password(krb5_context context,
    if (ctx)
 	krb5_init_creds_free(context, ctx);

-    memset(buf, 0, sizeof(buf));
-    memset(buf2, 0, sizeof(buf2));
+    memset_s(buf, sizeof(buf), 0, sizeof(buf));
+    memset_s(buf2, sizeof(buf), 0, sizeof(buf2));
    return ret;
 }