From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 10 Aug 2023 04:58:31 +0000 (+1200)
Subject: s4:kdc: Erase key data
X-Git-Tag: tevent-0.16.0~991
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e5e2f0b2cb9fe4ac00c794dd9f80156ad0c4d50;p=thirdparty%2Fsamba.git

s4:kdc: Erase key data

If we’re going to zero the keys before freeing them, we might as well do
it properly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
index 466e53921cd..7214cbc317e 100644
--- a/source4/kdc/sdb_to_kdb.c
+++ b/source4/kdc/sdb_to_kdb.c
@@ -222,7 +222,7 @@ static void free_krb5_db_entry(krb5_context context,
 			for (j = 0; j < k->key_data[i].key_data_ver; j++) {
 				if (k->key_data[i].key_data_length[j] != 0) {
 					if (k->key_data[i].key_data_contents[j] != NULL) {
-						memset(k->key_data[i].key_data_contents[j], 0, k->key_data[i].key_data_length[j]);
+						BURN_PTR_SIZE(k->key_data[i].key_data_contents[j], k->key_data[i].key_data_length[j]);
 						free(k->key_data[i].key_data_contents[j]);
 					}
 				}