[4418] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

kpasswd also doesn't zero password buffer

daemon@ATHENA.MIT.EDU (Jim Miller)
Mon Jan 2 20:34:14 1995

From: jim@bilbo.suite.com (Jim Miller)
Date: Mon, 2 Jan 95 19:27:12 -0600
To: krb5-bugs@MIT.EDU
Cc: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com

This bug report is for KRB5, beta 4, patchlevel 3.

The program "kpasswd" does not zero the buffer "new_password" before  
freeing it.  It also doesn't zero or free "inbuf.data" if either call to  
krb5_mk_priv fails (actually, it only needs to zero it after the second  
call because at that time it holds a copy of "new_password").

Also, and these aren't that critical, the buffers "client_name",  
"my_addresses, and "old_password" don't get freed upon a few of the  
failure cases in the function "get_first_ticket".

Jim_Miller@suite.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4418] in Kerberos

kpasswd also doesn't zero password buffer

daemon@ATHENA.MIT.EDU (Jim Miller)Mon Jan 2 20:34:14 1995

daemon@ATHENA.MIT.EDU (Jim Miller)
Mon Jan 2 20:34:14 1995