Zero out stack variables in process_tgs_req()

It is general good hygeine, preventing stack garbage from accidentally
leaking out into other consumers.

Don't bother with variables that are only used in a single place, but
do initialize the 'magic' field of nolrentry before it is used.

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index ae5e7572ea330ee8e74959a2ea31d18e6924b7cd..107e2c264d27de9ac089d9896955c3c4324b217d 100644 (file)
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -137,10 +137,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
     krb5_pa_data **e_data = NULL;
     kdc_realm_t *kdc_active_realm = NULL;
 
-    reply.padata = 0; /* For cleanup handler */
-    reply_encpart.enc_padata = 0;
-    enc_tkt_reply.authorization_data = NULL;
-
+    memset(&reply, 0, sizeof(reply));
+    memset(&reply_encpart, 0, sizeof(reply_encpart));
+    memset(&ticket_reply, 0, sizeof(ticket_reply));
+    memset(&enc_tkt_reply, 0, sizeof(enc_tkt_reply));
     session_key.contents = NULL;
 
     retval = decode_krb5_tgs_req(pkt, &request);
@@ -701,6 +701,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 
     nolrentry.lr_type = KRB5_LRQ_NONE;
     nolrentry.value = 0;
+    nolrentry.magic = 0;
     nolrarray[0] = &nolrentry;
     nolrarray[1] = 0;
     reply_encpart.last_req = nolrarray;        /* not available for TGS reqs */