krb5 commit: Zero out stack variables in process_tgs_req()
Benjamin Kaduk
kaduk at MIT.EDU
Fri Oct 4 13:23:36 EDT 2013
https://github.com/krb5/krb5/commit/040f621b5071564b6b479e3375c9d63cbd3ee471
commit 040f621b5071564b6b479e3375c9d63cbd3ee471
Author: Ben Kaduk <kaduk at mit.edu>
Date: Thu Oct 3 13:57:40 2013 -0400
Zero out stack variables in process_tgs_req()
It is general good hygeine, preventing stack garbage from accidentally
leaking out into other consumers.
Don't bother with variables that are only used in a single place, but
do initialize the 'magic' field of nolrentry before it is used.
src/kdc/do_tgs_req.c | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index ae5e757..107e2c2 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -137,10 +137,10 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
krb5_pa_data **e_data = NULL;
kdc_realm_t *kdc_active_realm = NULL;
- reply.padata = 0; /* For cleanup handler */
- reply_encpart.enc_padata = 0;
- enc_tkt_reply.authorization_data = NULL;
-
+ memset(&reply, 0, sizeof(reply));
+ memset(&reply_encpart, 0, sizeof(reply_encpart));
+ memset(&ticket_reply, 0, sizeof(ticket_reply));
+ memset(&enc_tkt_reply, 0, sizeof(enc_tkt_reply));
session_key.contents = NULL;
retval = decode_krb5_tgs_req(pkt, &request);
@@ -701,6 +701,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
nolrentry.lr_type = KRB5_LRQ_NONE;
nolrentry.value = 0;
+ nolrentry.magic = 0;
nolrarray[0] = &nolrentry;
nolrarray[1] = 0;
reply_encpart.last_req = nolrarray; /* not available for TGS reqs */
More information about the cvs-krb5
mailing list