]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ee8246)
Use k5_buf_init_dynamic_zap where appropriate 752/head
authorGreg Hudson <ghudson@mit.edu>
Mon, 26 Mar 2018 15:24:49 +0000 (11:24 -0400)
committerGreg Hudson <ghudson@mit.edu>
Mon, 26 Mar 2018 19:57:58 +0000 (15:57 -0400)
src/lib/krb5/ccache/cc_file.c patch | blob | blame | history
src/lib/krb5/ccache/cc_keyring.c patch | blob | blame | history
src/util/support/utf8_conv.c patch | blob | blame | history

diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 6789c09e189c54c8379566aed3a4c8d495a960f1..9263a0054835bb265e3bc7b9d3485f268fbf98b9 100644 (file)
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -758,7 +758,7 @@ fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
 
     memset(creds, 0, sizeof(*creds));
     k5_cc_mutex_lock(context, &data->lock);
-    k5_buf_init_dynamic(&buf);
+    k5_buf_init_dynamic_zap(&buf);
 
     ret = krb5_lock_file(context, fileno(fcursor->fp), KRB5_LOCKMODE_SHARED);
     if (ret)
@@ -982,7 +982,7 @@ fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
         goto cleanup;
 
     /* Marshal the cred and write it to the file with a single append write. */
-    k5_buf_init_dynamic(&buf);
+    k5_buf_init_dynamic_zap(&buf);
     k5_marshal_cred(&buf, version, creds);
     ret = k5_buf_status(&buf);
     if (ret)
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index fba710b1b65109dbc94b6202dd922f683f0ddba5..8419f6ebff6a27dba6a9bf2685cfe3b03bda1f05 100644 (file)
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -1295,7 +1295,7 @@ krcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
         goto errout;
 
     /* Serialize credential using the file ccache version 4 format. */
-    k5_buf_init_dynamic(&buf);
+    k5_buf_init_dynamic_zap(&buf);
     k5_marshal_cred(&buf, 4, creds);
     ret = k5_buf_status(&buf);
     if (ret)
diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index 5cfc2c512b8625fc5290ba6d8d6494f990507633..08cef4168bec7ede5f7b0b7669cb3c594767b15b 100644 (file)
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
@@ -99,7 +99,9 @@ k5_utf8_to_utf16le(const char *utf8, uint8_t **utf16_out, size_t *nbytes_out)
     *utf16_out = NULL;
     *nbytes_out = 0;
 
-    k5_buf_init_dynamic(&buf);
+    /* UTF-16 conversion is used for RC4 string-to-key, so treat this data as
+     * sensitive. */
+    k5_buf_init_dynamic_zap(&buf);
 
     /* Examine next UTF-8 character. */
     while (*utf8 != '\0') {
Mirror of https://github.com/krb5/krb5.git