From: Alexandra Ellwood Date: Fri, 10 Oct 2008 20:55:24 +0000 (+0000) Subject: always zero out authentication strings X-Git-Tag: krb5-1.7-alpha1~317 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6cee5c1cd0f5f228bf9d677c77114ec0488163fd;p=krb5.git always zero out authentication strings strings returned by the UI are usually passwords or pins and should not get dripped all over memory. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20863 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kim/lib/kim_ui.c b/src/kim/lib/kim_ui.c index ccc59f440..e52cd9bb2 100644 --- a/src/kim/lib/kim_ui.c +++ b/src/kim/lib/kim_ui.c @@ -319,9 +319,9 @@ krb5_error_code kim_ui_prompter (krb5_context in_krb5_context, /* Clean up reply buffer. Saved passwords are allocated by KIM. */ if (reply) { - memset (reply, '\0', strlen (reply)); - if (got_saved_password) { - kim_string_free ((kim_string *) &reply); + if (got_saved_password) { + memset (reply, '\0', strlen (reply)); + kim_string_free ((kim_string *) &reply); } else { kim_ui_free_string (context, &reply); } @@ -445,6 +445,9 @@ void kim_ui_free_string (kim_ui_context *in_context, kim_error err = kim_ui_init_lazy (in_context); if (!err && in_context && io_string && *io_string) { + /* most ui strings are auth information so zero before freeing */ + memset (*io_string, '\0', strlen (*io_string)); + if (in_context->type == kim_ui_type_gui_plugin) { kim_ui_plugin_free_string (in_context, io_string);
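Review bot: The `else` branch of the reply cleanup in kim_ui_prompter no longer wipes `reply` itself. It now depends on kim_ui_free_string, whose new memset (second hunk) sits inside `if (!err && in_context && io_string && *io_string)`. If kim_ui_init_lazy returns an error, the prompt reply is neither zeroed nor freed on that path, whereas the removed line zeroed it unconditionally. Wiping before the error test in kim_ui_free_string would restore that: `if (io_string && *io_string) { memset (*io_string, '\0', strlen (*io_string)); }` placed ahead of the `!err` check. Both function bodies extend beyond the hunks, so confirm that no later code still reads the string after a failed init.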
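Review bot: The added `memset (*io_string, '\0', strlen (*io_string));` in kim_ui_free_string is an ordinary store to a buffer that is about to be released. A compiler that can see into the free path (inlining or link-time optimisation) is permitted to drop it as a dead store, and the same applies to the relocated memset before kim_string_free in the first hunk. A wipe that cannot be elided would make the guarantee hold on every build: `explicit_bzero` or `memset_s` where the platform provides them, or a loop through a `volatile char *`. The comment could also record the limit of the wipe, for example `/* UI strings usually hold passwords or PINs; wipe up to the terminating NUL before returning the buffer to its allocator */`, since any bytes past the first NUL in a larger buffer are left untouched.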