[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Tue Mar 16 11:23:42 MDT 2010


The branch, master has been updated
       via  2bdece1... kerberos - set the memory to "0"s before freeing the password to prevent security issues
      from  a6c5747... heimdal - remove unused variable

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2bdece18c62c5119d2a7c85b0044ec3c9234445c
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Tue Mar 16 18:20:51 2010 +0100

    kerberos - set the memory to "0"s before freeing the password to prevent security issues

-----------------------------------------------------------------------

Summary of changes:
 source4/heimdal/lib/krb5/init_creds_pw.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index 5901c55..c326fa4 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -107,8 +107,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
 	free (ctx->pre_auth_types);
     if (ctx->in_tkt_service)
 	free(ctx->in_tkt_service);
-    if (ctx->password)
+    if (ctx->password) {
+        memset(ctx->password, 0, strlen(ctx->password));
         free(ctx->password);
+    }
     if (ctx->keytab_data)
 	free(ctx->keytab_data);
     krb5_data_free(&ctx->req_buffer);
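Review bot: the memset added in free_init_creds_ctx writes to a buffer that is freed on the very next line, so an optimizing compiler may treat it as a dead store and drop it, leaving the password in heap memory. Consider a wipe the compiler cannot elide, such as memset_s or explicit_bzero where the platform provides one, or a loop through a volatile pointer otherwise.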
@@ -1355,8 +1357,10 @@ krb5_init_creds_set_password(krb5_context context,
 			     krb5_init_creds_context ctx,
 			     const char *password)
 {
-    if (ctx->password)
+    if (ctx->password) {
+        memset(ctx->password, 0, strlen(ctx->password));
         free(ctx->password);
+    }
     if (password) {
 	ctx->password = strdup(password);
 	if (ctx->password == NULL) {
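Review bot: the wipe-and-free in krb5_init_creds_set_password is the same three lines as in free_init_creds_ctx, written out a second time; a small static helper that zeroes and frees ctx->password would keep the two sites from drifting apart if the wipe is later changed. The visible lines also leave ctx->password pointing at the freed buffer until the strdup assignment inside if (password), so it is worth confirming that the NULL-password path resets it.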


-- 
Samba Shared Repository

