+2003-06-02 Tom Yu <tlyu@mit.edu>
+
+ * change_password.c (krb_change_password): Explicitly zero the
+ session key. Zero the key derived from the new password.
+
+ * mk_req.c (krb_mk_req): Explicitly zero the session key.
+ (krb_mk_req_creds_prealm): Don't zero the session key, in case the
+ caller wants to make use of it.
+
2003-05-24 Ken Raeburn <raeburn@mit.edu>
* lifetime.c (krb_life_to_time, krb_time_to_life): Rewrite to use
p = key;
KRB4_GET32BE(tempKey, p);
sendSize += vts_long(tempKey, &sendStream, (int)sendSize);
+ tempKey = 0;
if (newPassword) {
sendSize += vts_string(newPassword, &sendStream, (int)sendSize);
kadm_cli_disconn(&client_parm);
cleanup:
+ memset(&client_parm.creds.session, 0, sizeof(client_parm.creds.session));
+ memset(&key, 0, sizeof(key));
return err;
}
+ 1 + 1 + ticket->length)
|| ticket->length < 0 || ticket->length > 255) {
authent->length = 0;
- memset(creds->session, 0, sizeof(creds->session));
return KFAILURE;
}
myrealmlen = strlen(myrealm) + 1;
if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen
+ 4 + 1 + 4 + 7) / 8) {
- memset(creds->session, 0, sizeof(creds->session));
return KFAILURE;
}
(long)req_id->length, key_s, &creds->session, 1);
/* clean up */
memset(key_s, 0, sizeof(key_s));
- memset(creds->session, 0, sizeof(creds->session));
#endif /* NOENCRYPTION */
/* Copy it into the authenticator */
if (retval != KSUCCESS)
return retval;
- return krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
+ retval = krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm);
+ memset(&creds.session, 0, sizeof(creds.session));
+ return retval;
}
int KRB5_CALLCONV
projects / krb5.git / commitdiff