From e21866f7a29ab9d0fcf69efddaec6f758faf7494 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Tue, 2 Oct 2018 17:49:04 -0500 Subject: [PATCH] GSS unwrap: wipe copy of DES key when done with it Zero out the DES_cblock structure instead of the (not yet used at this point in the function) key schedule. The contents could potentially be left on the stack in the case of an error return from _gssapi_verify_pad(). --- lib/gssapi/krb5/unwrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 57a4d4aeb..f37b0a653 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -109,7 +109,7 @@ unwrap_des EVP_Cipher(&des_ctx, p, p, input_message_buffer->length - len); EVP_CIPHER_CTX_cleanup(&des_ctx); - memset (&schedule, 0, sizeof(schedule)); + memset (&deskey, 0, sizeof(deskey)); } if (IS_DCE_STYLE(context_handle)) {