Derrick Schommer reports that arcfour's string_to_key function leaks
memory. This is true; it copies the password to convert to utf16 and
never frees the copy. It does memset the copy to 0 when done.
ticket: new
requestors: schommer@gmail.com
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16771
dc483132-0cff-0310-8789-
dd5450dbe970
+2004-09-21 Sam Hartman <hartmans@mit.edu>
+
+ * string_to_key.c (krb5int_arcfour_string_to_key): Free the copy
+ of the password, thanks to Derrick Schommer
+
2004-02-18 Ken Raeburn <raeburn@mit.edu>
* arcfour.c: Use ANSI C style function definitions.
/* Zero out the data behind us */
memset (copystr, 0, len);
memset(&md4_context, 0, sizeof(md4_context));
+ free(copystr);
return 0;
}