nuke the encryption keys when cleaning up
authorJohn Kohl <jtkohl@mit.edu>
Thu, 18 Oct 1990 16:02:23 +0000 (16:02 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Thu, 18 Oct 1990 16:02:23 +0000 (16:02 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1274 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/get_in_tkt.c

index d9aa19c54fe4e39a5f383e07887d8fe47e53295b..35e8e2d42ab090d4e35aee8b762dce3b0eec0fb0 100644 (file)
@@ -154,6 +154,7 @@ OLDDECLARG(krb5_ccache, ccache)
     }
     
     retval = (*decrypt_proc)(decrypt_key, decryptarg, as_reply);
+    bzero((char *)decrypt_key->contents, decrypt_key->length);
     krb5_free_keyblock(decrypt_key);
     if (retval) {
        krb5_free_kdc_rep(as_reply);
@@ -181,6 +182,8 @@ OLDDECLARG(krb5_ccache, ccache)
            (request.till != 0) &&
            (as_reply->enc_part2->times.renew_till > request.till))
        ) {
+       bzero((char *)as_reply->enc_part2->session.contents,
+             as_reply->enc_part2->session.length);
        krb5_free_kdc_rep(as_reply);
        return KRB5_KDCREP_MODIFIED;
     }
@@ -190,6 +193,8 @@ OLDDECLARG(krb5_ccache, ccache)
     /* fill in the credentials */
     if (retval = krb5_copy_keyblock(as_reply->enc_part2->session,
                                    &creds->keyblock)) {
+       bzero((char *)as_reply->enc_part2->session.contents,
+             as_reply->enc_part2->session.length);
        krb5_free_kdc_rep(as_reply);
        return retval;
     }