From 3170edb46d86cda141bc07a845350d2b366bcb87 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Tue, 21 Sep 2004 20:39:19 +0000
Subject: memory leak in arcfour string_to_key

Derrick Schommer reports that arcfour's string_to_key function leaks memory. This is true; it copies the password to convert to utf16 and never frees the copy. It does memset the copy to 0 when done.

ticket: new
requestors: schommer@gmail.com

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16771 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/arcfour/ChangeLog | 5 +++++
 src/lib/crypto/arcfour/string_to_key.c | 1 +
 2 files changed, 6 insertions(+)

diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog
index 9e83947..7f5d638 100644
--- a/src/lib/crypto/arcfour/ChangeLog
+++ b/src/lib/crypto/arcfour/ChangeLog
@@ -1,3 +1,8 @@
+2004-09-21 Sam Hartman
+
+ * string_to_key.c (krb5int_arcfour_string_to_key): Free the copy
+ of the password, thanks to Derrick Schommer
+
 2004-02-18 Ken Raeburn

 * arcfour.c: Use ANSI C style function definitions.
diff --git a/src/lib/crypto/arcfour/string_to_key.c b/src/lib/crypto/arcfour/string_to_key.c
index 2212d71..57a64b3 100644
--- a/src/lib/crypto/arcfour/string_to_key.c
+++ b/src/lib/crypto/arcfour/string_to_key.c
@@ -65,5 +65,6 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
 /* Zero out the data behind us */
 memset (copystr, 0, len);
 memset(&md4_context, 0, sizeof(md4_context));
+ free(copystr);
 return 0;
 }
--
cgit v1.1
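Review bot: With `free(copystr);` now following it directly, `memset (copystr, 0, len);` in the string_to_key.c hunk is a dead store that an optimizing compiler may remove, which would leave the UTF-16 password copy intact in freed heap memory. The scrub should go through a write the compiler cannot elide, for example `volatile unsigned char *p = (volatile unsigned char *)copystr; size_t i; for (i = 0; i < len; i++) p[i] = 0;`, or a platform zeroization routine such as `explicit_bzero` where one is available. The same concern applies to `memset(&md4_context, 0, sizeof(md4_context));` just before the return, if `md4_context` is a local as it appears to be. The function body starts outside the hunk, so whether `len` covers the whole allocation, and whether any earlier return after the allocation skips this scrub-and-free, cannot be confirmed from here and is worth checking.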