memory leak in arcfour string_to_key

Derrick Schommer reports that arcfour's string_to_key function leaks
memory.  This is true; it copies the password to convert to utf16 and
never frees the copy.  It does memset the copy to 0 when done.

ticket: new
requestors: schommer@gmail.com

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16771 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 6 insertions, 0 deletions

diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog
index 9e83947..7f5d638 100644
--- a/src/lib/crypto/arcfour/ChangeLog
+++ b/src/lib/crypto/arcfour/ChangeLog
@@ -1,3 +1,8 @@
+2004-09-21  Sam Hartman  <hartmans@mit.edu>
+
+	* string_to_key.c (krb5int_arcfour_string_to_key): Free the copy
+	of the password, thanks to Derrick Schommer 
+
 2004-02-18  Ken Raeburn  <raeburn@mit.edu>
 
 	* arcfour.c: Use ANSI C style function definitions.
diff --git a/src/lib/crypto/arcfour/string_to_key.c b/src/lib/crypto/arcfour/string_to_key.c
index 2212d71..57a64b3 100644
--- a/src/lib/crypto/arcfour/string_to_key.c
+++ b/src/lib/crypto/arcfour/string_to_key.c
@@ -65,5 +65,6 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
   /* Zero out the data behind us */
   memset (copystr, 0, len);
   memset(&md4_context, 0, sizeof(md4_context));
+  free(copystr);
   return 0;
 }