krb5 commit: Fix trivial KDC memory leak with test KDB module

Mon Feb 26 17:16:33 EST 2018

https://github.com/krb5/krb5/commit/14f03abd6d5dee71d45293c9369b6cfeaf8a1be5
commit 14f03abd6d5dee71d45293c9369b6cfeaf8a1be5
Author: sashan <anedvedicky at gmail.com>
Date:   Tue Feb 20 22:35:51 2018 +0100

    Fix trivial KDC memory leak with test KDB module
    
    If a KDB module zeroes out the master key in its fetch_master_key()
    method (as the test KDB module does), krb5_db_fetch_mkey() will copy
    it, allocating one byte of memory for the contents.  The KDC will then
    leak it on exit, as the length is zero.  Simplify master key
    destruction using zapfree().
    
    [ghudson at mit.edu: wrote commit message]

 src/kdc/main.c |    6 +-----
 1 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/src/kdc/main.c b/src/kdc/main.c
index e1ee3a9..96281ad 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -161,11 +161,7 @@ finish_realm(kdc_realm_t *rdp)
     if (rdp->realm_context) {
         if (rdp->realm_mprinc)
             krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
-        if (rdp->realm_mkey.length && rdp->realm_mkey.contents) {
-            /* XXX shouldn't memset be zap for safety? */
-            memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
-            free(rdp->realm_mkey.contents);
-        }
+        zapfree(rdp->realm_mkey.contents, rdp->realm_mkey.length);
         krb5_db_fini(rdp->realm_context);
         if (rdp->realm_tgsprinc)
             krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
