Clearing credentials question

Greg Hudson ghudson at MIT.EDU
Thu Jan 6 18:56:01 EST 2011

On Thu, 2011-01-06 at 18:04 -0500, Markus Moeller wrote:
> Shouldn't 
> krb5_free_keyblock_contents check if the content is not zero ?

It does.

> int main() {
> krb5_creds  creds;
> code = krb5_parse_name(context, cclient, &creds.client);
> code = krb5_parse_name(context, cserver, &creds.server);
> krb5_free_cred_contents(context, &creds);

You declared creds as an automatic variable and didn't initialize it, so
all of its fields except for client and server contain stack garbage at
the time of the krb5_free_cred_contents call.

More information about the Kerberos mailing list