From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 11 Sep 2010 16:57:59 +0000 (+0000)
Subject: In the NSS mit_des_string_to_key_int, zero out pbe_params before
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9dce022f833472af5852a163d19a7ebf85a1df9;p=thirdparty%2Fkrb5.git

In the NSS mit_des_string_to_key_int, zero out pbe_params before
filling it in, to avoid passing uninitialized fields to
PK11_RawPBEKeyGen.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/nss@24305 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/nss/des/string2key.c b/src/lib/crypto/nss/des/string2key.c
index 27c5c9ea71..15c0adde8c 100644
--- a/src/lib/crypto/nss/des/string2key.c
+++ b/src/lib/crypto/nss/des/string2key.c
@@ -54,6 +54,7 @@ mit_des_string_to_key_int(krb5_keyblock *key, const krb5_data *pw,
 
     pwItem.data = (unsigned char *)pw->data;
     pwItem.len = pw->length;
+    memset(&pbe_params, 0, sizeof(pbe_params));
     pbe_params.pSalt = (unsigned char *)salt->data;
     pbe_params.ulSaltLen = salt->length;
     pbe_params.ulIteration = 1;