[4417] in Kerberos


kadmin_cpw doesn't zero password buffer

daemon@ATHENA.MIT.EDU (Jim Miller)
Mon Jan 2 19:35:03 1995

From: jim@bilbo.suite.com (Jim Miller)
Date: Mon, 2 Jan 95 18:26:37 -0600
To: krb5-bugs@MIT.EDU
Cc: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com


This bug report is for KRB5, beta 4, patchlevel 3.

The "not MACH_PASS" section of the function "kadm_cpw_user" allocates a
buffer to hold the administrator's password.  This buffer is zero'd
before being freed only if there's an error.  It is not zero'd upon
success.  Also, the text of the password is copied into the buffer
"inbuf.data".  However, "inbuf.data" is not zero'd before being freed.

Solution:

Put the following lines in the obvious places...

   (void) memset((char *) password, 0, ADM_MAX_PW_LENGTH+1);

   (void) memset((char *) inbuf.data, 0, inbuf.length);


Jim_Miller@suite.com
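
The fix described in the report, as an added C example that is not part of the original message or the Kerberos source: one cleanup path scrubs both the password buffer and the "inbuf.data" copy on success and on error. The names `cpw_sketch`, `data_buf`, `secure_zero`, `nonzero_bytes` and the value 255 for `ADM_MAX_PW_LENGTH` are assumptions; the volatile write stands in for the plain `memset`, which an optimizing compiler may drop when `free()` follows.

```c
#include <stdlib.h>
#include <string.h>

#define ADM_MAX_PW_LENGTH 255   /* assumed size; the report names only the constant */
struct data_buf { size_t length; char *data; };  /* stand-in for inbuf */

/* Volatile stores are not removed as dead code when free() follows. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}
/* Count non-zero bytes; used here only to show the scrub took effect. */
static size_t nonzero_bytes(const void *p, size_t n) {
    const unsigned char *b = p;
    size_t count = 0;
    while (n--) count += (*b++ != 0);
    return count;
}
/* Hypothetical routine: 0 on success, -1 on failure; *residue = secret bytes left at free. */
int cpw_sketch(const char *typed_pw, int simulate_error, size_t *residue) {
    int ret = -1;
    struct data_buf inbuf = {0, NULL};
    char *password = calloc(1, ADM_MAX_PW_LENGTH + 1);
    *residue = 0;
    if (password == NULL) goto cleanup;
    strncpy(password, typed_pw, ADM_MAX_PW_LENGTH);
    inbuf.length = strlen(password);
    inbuf.data = malloc(inbuf.length + 1);
    if (inbuf.data == NULL) goto cleanup;
    memcpy(inbuf.data, password, inbuf.length + 1);  /* second copy of the secret */
    if (simulate_error) goto cleanup;                /* stands in for a failed request */
    ret = 0;
cleanup:  /* single exit: success and error both scrub before free */
    if (inbuf.data != NULL) {
        secure_zero(inbuf.data, inbuf.length);
        *residue += nonzero_bytes(inbuf.data, inbuf.length);
        free(inbuf.data);
    }
    if (password != NULL) {
        secure_zero(password, ADM_MAX_PW_LENGTH + 1);
        *residue += nonzero_bytes(password, ADM_MAX_PW_LENGTH + 1);
        free(password);
    }
    return ret;
}

int main(void) {
    size_t left;  /* constructed sample password below */
    return cpw_sketch("constructed-sample-pw", 0, &left) != 0 || left != 0;
}
```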
