use memset_s
lib roken includes support for memset_s() but it was not applied to the Heimdal source tree. Change-Id: I8362ec97a9be50205bb2d398e65b629b88ce1acd
@@ -303,7 +303,7 @@ verify_unix(struct passwd *login, struct passwd *su)
|
||||
if(r != 0)
|
||||
exit(0);
|
||||
pw = crypt(pw_buf, su->pw_passwd);
|
||||
memset(pw_buf, 0, sizeof(pw_buf));
|
||||
memset_s(pw_buf, sizeof(pw_buf), 0, sizeof(pw_buf));
|
||||
if(strcmp(pw, su->pw_passwd) != 0) {
|
||||
syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
|
||||
login->pw_name, su->pw_name);
|
||||
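Review bot: `crypt()` can return NULL on failure, and in verify_unix its result goes straight into `strcmp(pw, su->pw_passwd)` after the wipe, with no check in between on the visible lines. A guard such as `if (pw == NULL || strcmp(pw, su->pw_passwd) != 0) {` would treat a failed hash as an incorrect password instead of dereferencing a null pointer. The wipe of `pw_buf` is correctly placed before the comparison. The function body starts and ends outside the hunk.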
|
@@ -76,7 +76,7 @@ set_random_password (krb5_principal principal, int keepold)
|
||||
printf ("%s's password set to \"%s\"\n", princ_name, pw);
|
||||
free (princ_name);
|
||||
}
|
||||
memset (pw, 0, sizeof(pw));
|
||||
memset_s(pw, sizeof(pw), 0, sizeof(pw));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -108,7 +108,7 @@ set_password (krb5_principal principal, char *password, int keepold)
|
||||
if(ret == 0)
|
||||
ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL,
|
||||
password);
|
||||
memset(pwbuf, 0, sizeof(pwbuf));
|
||||
memset_s(pwbuf, sizeof(pwbuf), 0, sizeof(pwbuf));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@@ -68,7 +68,7 @@ random_password(char *pw, size_t len)
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2,
|
||||
"@$%&*()-+=:,/<>1234567890", 1);
|
||||
strlcpy(pw, pass, len);
|
||||
memset(pass, 0, strlen(pass));
|
||||
memset_s(pass, sizeof(pass), 0, strlen(pass));
|
||||
free(pass);
|
||||
#endif
|
||||
}
|
||||
@@ -155,7 +155,7 @@ generate_password(char **pw, int num_classes, ...)
|
||||
}
|
||||
}
|
||||
(*pw)[len] = '\0';
|
||||
memset(rbuf, 0, sizeof(rbuf));
|
||||
memset_s(rbuf, sizeof(rbuf), 0, sizeof(rbuf));
|
||||
free(classes);
|
||||
}
|
||||
#endif
|
||||
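Review bot: In random_password the new call `memset_s(pass, sizeof(pass), 0, strlen(pass));` passes `sizeof(pass)` as the destination size, but `pass` is handed to `free()` on the next line, so it looks like a heap pointer and `sizeof(pass)` would be the size of the pointer rather than of the buffer. Under C11 Annex K semantics a count larger than the destination size is a runtime-constraint violation and at most the first `sizeof(pass)` bytes are cleared, so most of a generated password would remain in the freed block. I would compute the length once and use it for both arguments: `size_t n = strlen(pass);` followed by `memset_s(pass, n, 0, n);`. The declaration of `pass` is outside the hunk, so please confirm its type.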
|
@@ -677,7 +677,7 @@ get_new_tickets(krb5_context context,
|
||||
if (ntlm_domain && passwd[0])
|
||||
heim_ntlm_nt_key(passwd, &ntlmkey);
|
||||
#endif
|
||||
memset(passwd, 0, sizeof(passwd));
|
||||
memset_s(passwd, sizeof(passwd), 0, sizeof(passwd));
|
||||
|
||||
switch(ret){
|
||||
case 0:
|
||||
|
@@ -304,7 +304,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
|
||||
EVP_Cipher(&rc4_key, p, p, 8);
|
||||
EVP_CIPHER_CTX_cleanup(&rc4_key);
|
||||
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data));
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
@@ -389,7 +389,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
|
||||
else
|
||||
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
|
||||
|
||||
memset(SND_SEQ, 0, sizeof(SND_SEQ));
|
||||
memset_s(SND_SEQ, sizeof(SND_SEQ), 0, sizeof(SND_SEQ));
|
||||
if (cmp != 0) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_MIC;
|
||||
@@ -516,7 +516,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
|
||||
ret = arcfour_mic_key(context, &Klocal,
|
||||
p0 + 8, 4, /* SND_SEQ */
|
||||
k6_data, sizeof(k6_data));
|
||||
memset(Klocaldata, 0, sizeof(Klocaldata));
|
||||
memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata));
|
||||
if (ret) {
|
||||
_gsskrb5_release_buffer(minor_status, output_message_buffer);
|
||||
*minor_status = ret;
|
||||
@@ -550,7 +550,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
|
||||
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
|
||||
EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
|
||||
EVP_CIPHER_CTX_cleanup(&rc4_key);
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data));
|
||||
}
|
||||
|
||||
if (conf_state)
|
||||
@@ -650,7 +650,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
|
||||
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
|
||||
EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
|
||||
EVP_CIPHER_CTX_cleanup(&rc4_key);
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data));
|
||||
}
|
||||
|
||||
_gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
|
||||
@@ -678,7 +678,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
|
||||
ret = arcfour_mic_key(context, &Klocal,
|
||||
SND_SEQ, 4,
|
||||
k6_data, sizeof(k6_data));
|
||||
memset(Klocaldata, 0, sizeof(Klocaldata));
|
||||
memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata));
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
@@ -1069,7 +1069,7 @@ _gssapi_wrap_iov_arcfour(OM_uint32 *minor_status,
|
||||
kret = arcfour_mic_key(context, &Klocal,
|
||||
p0 + 8, 4, /* SND_SEQ */
|
||||
k6_data, sizeof(k6_data));
|
||||
memset(Klocaldata, 0, sizeof(Klocaldata));
|
||||
memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata));
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
major_status = GSS_S_FAILURE;
|
||||
@@ -1300,7 +1300,7 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
|
||||
snd_seq,
|
||||
4,
|
||||
k6_data, sizeof(k6_data));
|
||||
memset(Klocaldata, 0, sizeof(Klocaldata));
|
||||
memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata));
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
|
@@ -121,8 +121,8 @@ mic_des
|
||||
++seq_number);
|
||||
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (&schedule, 0, sizeof(schedule));
|
||||
memset_s(deskey, sizeof(deskey), 0, sizeof(deskey));
|
||||
memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
|
@@ -89,8 +89,8 @@ verify_mic_des
|
||||
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
&schedule, &zero);
|
||||
if (ct_memcmp (p - 8, hash, 8) != 0) {
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (&schedule, 0, sizeof(schedule));
|
||||
memset_s(deskey, sizeof(deskey), 0, sizeof(deskey));
|
||||
memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
@@ -105,8 +105,8 @@ verify_mic_des
|
||||
EVP_Cipher(&des_ctx, p, p, 8);
|
||||
EVP_CIPHER_CTX_cleanup(&des_ctx);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (&schedule, 0, sizeof(schedule));
|
||||
memset_s(deskey, sizeof(deskey), 0, sizeof(deskey));
|
||||
memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));
|
||||
|
||||
seq = p;
|
||||
_gsskrb5_decode_om_uint32(seq, &seq_number);
|
||||
|
@@ -72,11 +72,11 @@ from_file(const char *fn, const char *target_domain,
|
||||
|
||||
heim_ntlm_nt_key(p, key);
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
fclose(f);
|
||||
return 0;
|
||||
}
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
fclose(f);
|
||||
return ENOENT;
|
||||
}
|
||||
@@ -463,7 +463,7 @@ _gss_ntlm_init_sec_context
|
||||
ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
|
||||
&sessionkey,
|
||||
&type3.sessionkey);
|
||||
memset(ntlmv2, 0, sizeof(ntlmv2));
|
||||
memset_s(ntlmv2, sizeof(ntlmv2), 0, sizeof(ntlmv2));
|
||||
if (ret) {
|
||||
_gss_ntlm_delete_sec_context(minor_status,
|
||||
context_handle, NULL);
|
||||
|
@@ -90,7 +90,7 @@ calc(struct md2 *m, const void *v)
|
||||
}
|
||||
|
||||
memcpy(m->state, x, 16);
|
||||
memset(x, 0, sizeof(x));
|
||||
memset_s(x, sizeof(x), 0, sizeof(x));
|
||||
}
|
||||
|
||||
int
|
||||
|
@@ -159,7 +159,7 @@ md_result(MD_CTX * ctx, unsigned char *dst)
|
||||
|
||||
memcpy(&tmp, ctx, sizeof(*ctx));
|
||||
SHA256_Final(dst, &tmp);
|
||||
memset(&tmp, 0, sizeof(tmp));
|
||||
memset_s(&tmp, sizeof(tmp), 0, sizeof(tmp));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -234,7 +234,7 @@ enough_time_passed(FState * st)
|
||||
if (ok)
|
||||
memcpy(last, &tv, sizeof(tv));
|
||||
|
||||
memset(&tv, 0, sizeof(tv));
|
||||
memset_s(&tv, sizeof(tv), 0, sizeof(tv));
|
||||
|
||||
return ok;
|
||||
}
|
||||
@@ -284,8 +284,8 @@ reseed(FState * st)
|
||||
/* use new key */
|
||||
ciph_init(&st->ciph, st->key, BLOCK);
|
||||
|
||||
memset(&key_md, 0, sizeof(key_md));
|
||||
memset(buf, 0, BLOCK);
|
||||
memset_s(&key_md, sizeof(key_md), 0, sizeof(key_md));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -335,8 +335,8 @@ add_entropy(FState * st, const unsigned char *data, unsigned len)
|
||||
if (pos == 0)
|
||||
st->pool0_bytes += len;
|
||||
|
||||
memset(hash, 0, BLOCK);
|
||||
memset(&md, 0, sizeof(md));
|
||||
memset_s(hash, sizeof(hash), 0, sizeof(hash));
|
||||
memset_s(&md, sizeof(hash), 0, sizeof(md));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -372,7 +372,7 @@ startup_tricks(FState * st)
|
||||
encrypt_counter(st, buf + CIPH_BLOCK);
|
||||
md_update(&st->pool[i], buf, BLOCK);
|
||||
}
|
||||
memset(buf, 0, BLOCK);
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
|
||||
/* Hide the key. */
|
||||
rekey(st);
|
||||
@@ -468,7 +468,7 @@ fortuna_reseed(void)
|
||||
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
|
||||
add_entropy(&main_state, buf, sizeof(buf));
|
||||
entropy_p = 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -509,7 +509,7 @@ fortuna_reseed(void)
|
||||
close(fd);
|
||||
}
|
||||
|
||||
memset(&u, 0, sizeof(u));
|
||||
memset_s(&u, sizeof(u), 0, sizeof(u));
|
||||
|
||||
entropy_p = 1; /* sure about this ? */
|
||||
}
|
||||
@@ -593,7 +593,7 @@ fortuna_cleanup(void)
|
||||
|
||||
init_done = 0;
|
||||
have_entropy = 0;
|
||||
memset(&main_state, 0, sizeof(main_state));
|
||||
memset_s(&main_state, sizeof(main_state), 0, sizeof(main_state));
|
||||
|
||||
HEIMDAL_MUTEX_unlock(&fortuna_mutex);
|
||||
}
|
||||
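Review bot: In add_entropy the second wipe reads `memset_s(&md, sizeof(hash), 0, sizeof(md));`, which gives the size of `hash` as the destination bound for `md`. If `md` is larger than `hash` (the declarations are outside the hunk, but the old code used `BLOCK` for one and `sizeof(md)` for the other), the count exceeds the bound, which memset_s treats as a constraint violation, leaving the digest context only partly cleared. It should be `memset_s(&md, sizeof(md), 0, sizeof(md));`. Separately, reseed and startup_tricks switch from `BLOCK` to `sizeof(buf)`; that is equivalent only if `buf` is an array of `BLOCK` bytes in those functions, which is worth confirming since the declarations are not visible here.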
|
@@ -226,7 +226,7 @@ read_master_encryptionkey(krb5_context context, const char *filename,
|
||||
}
|
||||
|
||||
ret = decode_EncryptionKey(buf, len, &key, &ret_len);
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
if(ret)
|
||||
return ret;
|
||||
|
||||
@@ -279,7 +279,7 @@ read_master_krb4(krb5_context context, const char *filename,
|
||||
memset(&key, 0, sizeof(key));
|
||||
key.keytype = ETYPE_DES_PCBC_NONE;
|
||||
ret = krb5_data_copy(&key.keyvalue, buf, len);
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
if(ret)
|
||||
return ret;
|
||||
|
||||
|
@@ -126,10 +126,10 @@ try_decrypt(hx509_context context,
|
||||
&clear,
|
||||
NULL);
|
||||
|
||||
memset(clear.data, 0, clear.length);
|
||||
memset_s(clear.data, clear.length, 0, clear.length);
|
||||
free(clear.data);
|
||||
out:
|
||||
memset(key, 0, keylen);
|
||||
memset_s(key, keylen, 0, keylen);
|
||||
free(key);
|
||||
return ret;
|
||||
}
|
||||
@@ -292,7 +292,7 @@ parse_pem_private_key(hx509_context context, const char *fn,
|
||||
ret = try_decrypt(context, c, ai, cipher, ivdata, password,
|
||||
strlen(password), data, len);
|
||||
/* XXX add password to lock password collection ? */
|
||||
memset(password, 0, sizeof(password));
|
||||
memset_s(password, sizeof(password), 0, sizeof(password));
|
||||
}
|
||||
free(ivdata);
|
||||
|
||||
|
@@ -180,9 +180,9 @@ ARCFOUR_subencrypt(krb5_context context,
|
||||
EVP_Cipher(&ctx, cdata + 16, cdata + 16, len - 16);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
memset (k1_c_data, 0, sizeof(k1_c_data));
|
||||
memset (k2_c_data, 0, sizeof(k2_c_data));
|
||||
memset (k3_c_data, 0, sizeof(k3_c_data));
|
||||
memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data));
|
||||
memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data));
|
||||
memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -247,9 +247,9 @@ ARCFOUR_subdecrypt(krb5_context context,
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
memset (k1_c_data, 0, sizeof(k1_c_data));
|
||||
memset (k2_c_data, 0, sizeof(k2_c_data));
|
||||
memset (k3_c_data, 0, sizeof(k3_c_data));
|
||||
memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data));
|
||||
memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data));
|
||||
memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data));
|
||||
|
||||
if (ct_memcmp (cksum.checksum.data, data, 16) != 0) {
|
||||
krb5_clear_error_message (context);
|
||||
|
@@ -77,7 +77,7 @@ _krb5_des_checksum(krb5_context context,
|
||||
EVP_DigestUpdate(m, data, len);
|
||||
EVP_DigestFinal_ex (m, p + 8, NULL);
|
||||
EVP_MD_CTX_destroy(m);
|
||||
memset (&ivec, 0, sizeof(ivec));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
|
||||
EVP_Cipher(&ctx->ectx, p, p, 24);
|
||||
|
||||
@@ -103,7 +103,7 @@ _krb5_des_verify(krb5_context context,
|
||||
if (m == NULL)
|
||||
return krb5_enomem(context);
|
||||
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1);
|
||||
EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24);
|
||||
|
||||
@@ -116,8 +116,8 @@ _krb5_des_verify(krb5_context context,
|
||||
krb5_clear_error_message (context);
|
||||
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
|
||||
}
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
memset(res, 0, sizeof(res));
|
||||
memset_s(tmp, sizeof(tmp), 0, sizeof(tmp));
|
||||
memset_s(res, sizeof(res), 0, sizeof(res));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@@ -92,12 +92,12 @@ _krb5_pk_octetstring2key(krb5_context context,
|
||||
offset += sizeof(shaoutput);
|
||||
counter++;
|
||||
} while(offset < keylen);
|
||||
memset(shaoutput, 0, sizeof(shaoutput));
|
||||
memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput));
|
||||
|
||||
EVP_MD_CTX_destroy(m);
|
||||
|
||||
ret = krb5_random_to_key(context, type, keydata, keylen, key);
|
||||
memset(keydata, 0, sizeof(keylen));
|
||||
memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));
|
||||
free(keydata);
|
||||
return ret;
|
||||
}
|
||||
@@ -282,13 +282,13 @@ _krb5_pk_kdf(krb5_context context,
|
||||
offset += EVP_MD_CTX_size(m);
|
||||
counter++;
|
||||
} while(offset < keylen);
|
||||
memset(shaoutput, 0, sizeof(shaoutput));
|
||||
memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput));
|
||||
|
||||
EVP_MD_CTX_destroy(m);
|
||||
free(other.data);
|
||||
|
||||
ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
|
||||
memset(keydata, 0, sizeof(keylen));
|
||||
memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));
|
||||
free(keydata);
|
||||
|
||||
return ret;
|
||||
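Review bot: Both `_krb5_pk_octetstring2key` and `_krb5_pk_kdf` now call `memset_s(keydata, sizeof(keylen), 0, sizeof(keylen));`, which clears only as many bytes as the `keylen` variable occupies rather than `keylen` bytes. The mistake is carried over from the old `memset(keydata, 0, sizeof(keylen))`, so the conversion keeps the incomplete wipe, and `keydata` is freed on the next line with the rest of the derived key material still in it. Both calls should be `memset_s(keydata, keylen, 0, keylen);`.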
|
@@ -207,7 +207,7 @@ krb5_password_key_proc (krb5_context context,
|
||||
password = buf;
|
||||
}
|
||||
ret = krb5_string_to_key_salt (context, type, password, salt, *key);
|
||||
memset (buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@@ -162,7 +162,9 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
|
||||
if (ctx->keytab_data)
|
||||
free(ctx->keytab_data);
|
||||
if (ctx->password) {
|
||||
memset(ctx->password, 0, strlen(ctx->password));
|
||||
size_t len;
|
||||
len = strlen(ctx->password);
|
||||
memset_s(ctx->password, len, 0, len);
|
||||
free(ctx->password);
|
||||
}
|
||||
/*
|
||||
@@ -189,7 +191,7 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
|
||||
free_paid(context, ctx->ppaid);
|
||||
free(ctx->ppaid);
|
||||
}
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -629,8 +631,8 @@ change_password (krb5_context context,
|
||||
}
|
||||
|
||||
out:
|
||||
memset (buf1, 0, sizeof(buf1));
|
||||
memset (buf2, 0, sizeof(buf2));
|
||||
memset_s(buf1, sizeof(buf1), 0, sizeof(buf1));
|
||||
memset_s(buf2, sizeof(buf2), 0, sizeof(buf2));
|
||||
krb5_data_free (&result_string);
|
||||
krb5_data_free (&result_code_string);
|
||||
krb5_free_cred_contents (context, &cpw_cred);
|
||||
@@ -756,7 +758,7 @@ init_as_req (krb5_context context,
|
||||
return 0;
|
||||
fail:
|
||||
free_AS_REQ(a);
|
||||
memset(a, 0, sizeof(*a));
|
||||
memset_s(a, sizeof(*a), 0, sizeof(*a));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1501,7 +1503,9 @@ krb5_init_creds_set_password(krb5_context context,
|
||||
const char *password)
|
||||
{
|
||||
if (ctx->password) {
|
||||
memset(ctx->password, 0, strlen(ctx->password));
|
||||
size_t len;
|
||||
len = strlen(ctx->password);
|
||||
memset_s(ctx->password, len, 0, len);
|
||||
free(ctx->password);
|
||||
}
|
||||
if (password) {
|
||||
@@ -2317,7 +2321,7 @@ krb5_init_creds_step(krb5_context context,
|
||||
if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {
|
||||
|
||||
free_METHOD_DATA(&ctx->md);
|
||||
memset(&ctx->md, 0, sizeof(ctx->md));
|
||||
memset_s(&ctx->md, sizeof(ctx->md), 0, sizeof(ctx->md));
|
||||
|
||||
if (ctx->error.e_data) {
|
||||
ret = decode_METHOD_DATA(ctx->error.e_data->data,
|
||||
@@ -2371,7 +2375,7 @@ krb5_init_creds_step(krb5_context context,
|
||||
}
|
||||
|
||||
free_AS_REQ(&ctx->as_req);
|
||||
memset(&ctx->as_req, 0, sizeof(ctx->as_req));
|
||||
memset_s(&ctx->as_req, sizeof(ctx->as_req), 0, sizeof(ctx->as_req));
|
||||
|
||||
ctx->used_pa_types = 0;
|
||||
} else if (ret == KRB5KDC_ERR_KEY_EXP && ctx->runflags.change_password == 0 && ctx->prompter) {
|
||||
@@ -2685,7 +2689,7 @@ krb5_get_init_creds_password(krb5_context context,
|
||||
ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
|
||||
free (q);
|
||||
if (ret) {
|
||||
memset (buf, 0, sizeof(buf));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
ret = KRB5_LIBOS_PWDINTR;
|
||||
krb5_clear_error_message (context);
|
||||
goto out;
|
||||
@@ -2741,8 +2745,8 @@ krb5_get_init_creds_password(krb5_context context,
|
||||
if (ctx)
|
||||
krb5_init_creds_free(context, ctx);
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset(buf2, 0, sizeof(buf2));
|
||||
memset_s(buf, sizeof(buf), 0, sizeof(buf));
|
||||
memset_s(buf2, sizeof(buf), 0, sizeof(buf2));
|
||||
return ret;
|
||||
}
|
||||
|
||||
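Review bot: At the end of krb5_get_init_creds_password the second wipe is `memset_s(buf2, sizeof(buf), 0, sizeof(buf2));`, which bounds `buf2` by the size of `buf`. If the two buffers differ in size (their declarations are outside the hunk), the call either fails the memset_s constraint check and clears only part of `buf2`, or states a bound that does not describe the object being wiped. It should read `memset_s(buf2, sizeof(buf2), 0, sizeof(buf2));`, matching the `buf1`/`buf2` pair in change_password in this same file.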
|
@@ -224,7 +224,7 @@ kcm_free(krb5_context context, krb5_ccache *id)
|
||||
if (k != NULL) {
|
||||
if (k->name != NULL)
|
||||
free(k->name);
|
||||
memset(k, 0, sizeof(*k));
|
||||
memset_s(k, sizeof(*k), 0, sizeof(*k));
|
||||
krb5_data_free(&(*id)->data);
|
||||
}
|
||||
}
|
||||
|
@@ -109,7 +109,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
|
||||
memset(&schedule, 0, sizeof(schedule));
|
||||
memset(&temp_key, 0, sizeof(temp_key));
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset(password, 0, sizeof(password));
|
||||
memset_s(password, sizeof(password), 0, sizeof(password));
|
||||
|
||||
DES_set_odd_parity (key);
|
||||
}
|
||||
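Review bot: Only the `password` wipe in krb5_DES_AFS3_Transarc_string_to_key is converted; the three calls just above it, `memset(&schedule, ...)`, `memset(&temp_key, ...)` and `memset(&ivec, ...)`, stay as plain memset. `schedule` and `temp_key` appear to hold key material, and if these are end-of-use wipes they are the same dead-store candidates the commit is meant to protect. I would convert them too, e.g. `memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));` and `memset_s(&temp_key, sizeof(temp_key), 0, sizeof(temp_key));`. The start of the function is outside the hunk, so confirm these locals are not used again afterwards.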
|
@@ -61,7 +61,7 @@ DES3_string_to_key(krb5_context context,
|
||||
|
||||
ret = _krb5_n_fold(str, len, tmp, 24);
|
||||
if (ret) {
|
||||
memset(str, 0, len);
|
||||
memset_s(str, len, 0, len);
|
||||
free(str);
|
||||
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
|
||||
return ret;
|
||||
@@ -74,24 +74,24 @@ DES3_string_to_key(krb5_context context,
|
||||
_krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
|
||||
DES_set_key_unchecked(keys + i, &s[i]);
|
||||
}
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
DES_ede3_cbc_encrypt(tmp,
|
||||
tmp, sizeof(tmp),
|
||||
&s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
|
||||
memset(s, 0, sizeof(s));
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
memset_s(s, sizeof(s), 0, sizeof(s));
|
||||
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
|
||||
for(i = 0; i < 3; i++){
|
||||
memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
|
||||
DES_set_odd_parity(keys + i);
|
||||
if(DES_is_weak_key(keys + i))
|
||||
_krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
|
||||
}
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
memset_s(tmp, sizeof(tmp), 0, sizeof(tmp));
|
||||
}
|
||||
key->keytype = enctype;
|
||||
krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
|
||||
memset(keys, 0, sizeof(keys));
|
||||
memset(str, 0, len);
|
||||
memset_s(keys, sizeof(keys), 0, sizeof(keys));
|
||||
memset_s(str, sizeof(str), 0, len);
|
||||
free(str);
|
||||
return 0;
|
||||
}
|
||||
@@ -119,7 +119,7 @@ DES3_string_to_key_derived(krb5_context context,
|
||||
len,
|
||||
enctype,
|
||||
key);
|
||||
memset(s, 0, len);
|
||||
memset_s(s, len, 0, len);
|
||||
free(s);
|
||||
return ret;
|
||||
}
|
||||
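Review bot: The final wipe in DES3_string_to_key is `memset_s(str, sizeof(str), 0, len);`, but `str` is freed on the next line and the error path earlier in the same function uses `memset_s(str, len, 0, len);`, so `str` looks like a heap pointer and `sizeof(str)` is the pointer size. When `len` exceeds that size the call is a memset_s constraint violation and at most the first few bytes of the password-plus-salt string are cleared before `free(str)`. Use `memset_s(str, len, 0, len);` here as well, which also keeps the two exit paths consistent.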
|
@@ -1192,7 +1192,7 @@ splitandenc(unsigned char *hash,
|
||||
EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1);
|
||||
EVP_Cipher(&ctx, answer, challenge, 8);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
memset(key, 0, sizeof(key));
|
||||
memset_s(key, sizeof(key), 0, sizeof(key));
|
||||
}
|
||||
|
||||
/**
|
||||
|