Zap data when freeing krb5_spake_factor

krb5_spake_factor structures will sometimes hold sensitive data when
second-factor SPAKE is implemented, so should be zapped when freed.

ticket: 8647

diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index e1ea1494acd818b20cc79b742b6690a7bff6802f..71e7fcad069ed99d61d157c1da533ed1e2fe0c5b 100644 (file)
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -897,7 +897,9 @@ k5_free_spake_factor(krb5_context context, krb5_spake_factor *val)
 {
     if (val == NULL)
         return;
-    krb5_free_data(context, val->data);
+    if (val->data != NULL)
+        zapfree(val->data->data, val->data->length);
+    free(val->data);
     free(val);
 }