From: Greg Hudson Date: Mon, 26 Mar 2018 15:24:49 +0000 (-0400) Subject: Use k5_buf_init_dynamic_zap where appropriate X-Git-Tag: krb5-1.17-beta1~154 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F752%2Fhead;p=thirdparty%2Fkrb5.git Use k5_buf_init_dynamic_zap where appropriate
---
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 6789c09e18..9263a00548 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -758,7 +758,7 @@ fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
 memset(creds, 0, sizeof(*creds));
 k5_cc_mutex_lock(context, &data->lock);
- k5_buf_init_dynamic(&buf);
+ k5_buf_init_dynamic_zap(&buf);
 ret = krb5_lock_file(context, fileno(fcursor->fp), KRB5_LOCKMODE_SHARED);
 if (ret)
@@ -982,7 +982,7 @@ fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
 goto cleanup;
 /* Marshal the cred and write it to the file with a single append write. */
- k5_buf_init_dynamic(&buf);
+ k5_buf_init_dynamic_zap(&buf);
 k5_marshal_cred(&buf, version, creds);
 ret = k5_buf_status(&buf);
 if (ret)
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index fba710b1b6..8419f6ebff 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -1295,7 +1295,7 @@ krcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
 goto errout;
 /* Serialize credential using the file ccache version 4 format. */
- k5_buf_init_dynamic(&buf);
+ k5_buf_init_dynamic_zap(&buf);
 k5_marshal_cred(&buf, 4, creds);
 ret = k5_buf_status(&buf);
 if (ret)
diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index 5cfc2c512b..08cef4168b 100644
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
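Review bot: The switch to `k5_buf_init_dynamic_zap(&buf)` in fcc_next_cred (cc_file.c) carries no comment saying why this buffer is sensitive, and the same holds for the fcc_store and krcc_store hunks, while the utf8_conv.c change does explain itself. A one-line comment above each call, such as `/* buf holds a marshalled credential (ticket and session key); zero it when freed. */`, would keep a later cleanup from reverting to the plain initializer. Zeroing covers only the k5buf storage: `fcursor->fp` is a stdio stream, so if the credential is read through it, a copy may remain in the stream's own buffer, which this change does not touch. The bodies of all three functions continue outside their hunks, so the read and cleanup paths are not visible here.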
@@ -99,7 +99,9 @@ k5_utf8_to_utf16le(const char *utf8, uint8_t **utf16_out, size_t *nbytes_out)
 *utf16_out = NULL;
 *nbytes_out = 0;
- k5_buf_init_dynamic(&buf);
+ /* UTF-16 conversion is used for RC4 string-to-key, so treat this data as
+ * sensitive. */
+ k5_buf_init_dynamic_zap(&buf);
 /* Examine next UTF-8 character. */
 while (*utf8 != '\0') {
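Review bot: The zap initializer protects the data only while `buf` owns it; the signature returns the converted string through `utf16_out`, so once the result is handed over (outside this hunk, presumably by transferring the buffer's storage) zeroing becomes the caller's job. The function's header comment should say so, for example `/* The caller must zero *utf16_out (*nbytes_out bytes) before freeing it when the input is sensitive. */`. It would also be worth confirming that the RC4 string-to-key caller named in the new comment does this. The function body starts and ends outside the hunk.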