From 0b950745e7a562e33c786f40058ee99228e5e317 Mon Sep 17 00:00:00 2001
From: Theodore Tso <tytso@mit.edu>
Date: Wed, 19 Dec 1990 11:34:24 +0000
Subject: [PATCH] Changed to zero out the session key before freeing the
 credentials structure

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1567 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/free/f_cred_cnt.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/lib/krb5/free/f_cred_cnt.c b/src/lib/krb5/free/f_cred_cnt.c
index 89d532c71..959272907 100644
--- a/src/lib/krb5/free/f_cred_cnt.c
+++ b/src/lib/krb5/free/f_cred_cnt.c
@@ -19,6 +19,11 @@ static char rcsid_f_cred_cnt_c [] =
 #include <krb5/krb5.h>
 #include <krb5/ext-proto.h>
 
+/*
+ * krb5_free_cred_contents zeros out the session key, and then frees
+ * the credentials structures 
+ */
+
 void
 krb5_free_cred_contents(val)
 krb5_creds *val;
@@ -27,8 +32,10 @@ krb5_creds *val;
 	krb5_free_principal(val->client);
     if (val->server)
 	krb5_free_principal(val->server);
-    if (val->keyblock.contents)
+    if (val->keyblock.contents) {
+	memset((char *)val->keyblock.contents, 0, val->keyblock.length);
 	xfree(val->keyblock.contents);
+    }
     if (val->ticket.data)
 	xfree(val->ticket.data);
     if (val->second_ticket.data)
-- 
2.26.2