diff options
author | Sam Hartman <hartmans@mit.edu> | 2004-09-21 20:39:19 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2004-09-21 20:39:19 +0000 |
commit | 3170edb46d86cda141bc07a845350d2b366bcb87 (patch) | |
tree | 5f406b9439b8fdbcb1951a43522ba65812741216 | |
parent | ac8eb05c5bae434c5da93b417d32b0ecfdb642e4 (diff) | |
download | krb5-3170edb46d86cda141bc07a845350d2b366bcb87.zip krb5-3170edb46d86cda141bc07a845350d2b366bcb87.tar.gz krb5-3170edb46d86cda141bc07a845350d2b366bcb87.tar.bz2 |
memory leak in arcfour string_to_key
Derrick Schommer reports that arcfour's string_to_key function leaks
memory. This is true; it copies the password to convert to utf16 and
never frees the copy. It does memset the copy to 0 when done.
ticket: new
requestors: schommer@gmail.com
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16771 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/crypto/arcfour/ChangeLog | 5 | ||||
-rw-r--r-- | src/lib/crypto/arcfour/string_to_key.c | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog index 9e83947..7f5d638 100644 --- a/src/lib/crypto/arcfour/ChangeLog +++ b/src/lib/crypto/arcfour/ChangeLog @@ -1,3 +1,8 @@ +2004-09-21 Sam Hartman <hartmans@mit.edu> + + * string_to_key.c (krb5int_arcfour_string_to_key): Free the copy + of the password, thanks to Derrick Schommer + 2004-02-18 Ken Raeburn <raeburn@mit.edu> * arcfour.c: Use ANSI C style function definitions. diff --git a/src/lib/crypto/arcfour/string_to_key.c b/src/lib/crypto/arcfour/string_to_key.c index 2212d71..57a64b3 100644 --- a/src/lib/crypto/arcfour/string_to_key.c +++ b/src/lib/crypto/arcfour/string_to_key.c @@ -65,5 +65,6 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, /* Zero out the data behind us */ memset (copystr, 0, len); memset(&md4_context, 0, sizeof(md4_context)); + free(copystr); return 0; } |