Clearing credentials question
Russ Allbery
rra at stanford.edu
Thu Jan 6 22:20:28 EST 2011
"Markus Moeller" <huaraz at moeller.plus.com> writes:
> "Greg Hudson" <ghudson at MIT.EDU> wrote:
>>> int main() {
>> [...]
>>> krb5_creds creds;
>> [...]
>>> code = krb5_parse_name(context, cclient, &creds.client);
>>> code = krb5_parse_name(context, cserver, &creds.server);
>> [...]
>>> krb5_free_cred_contents(context, &creds);
>> You declared creds as an automatic variable and didn't initialize it, so
>> all of its fields except for client and server contain stack garbage at
>> the time of the krb5_free_cred_contents call.
> I get the same error if I set
> creds.keyblock.contents = NULL;
> before cleaning the content.
memset(&creds, 0, sizeof(creds));
You need to zero the whole thing, not just a few fields, to be sure that
you've caught any stray fields that may make the library think that
there's allocated data to clear.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list