Clearing credentials question

Russ Allbery rra at
Thu Jan 6 22:20:28 EST 2011

"Markus Moeller" <huaraz at> writes:
> "Greg Hudson" <ghudson at MIT.EDU> wrote:

>>> int main() {
>> [...]
>>> krb5_creds  creds;
>> [...]
>>> code = krb5_parse_name(context, cclient, &creds.client);
>>> code = krb5_parse_name(context, cserver, &creds.server);
>> [...]
>>> krb5_free_cred_contents(context, &creds);

>> You declared creds as an automatic variable and didn't initialize it, so
>> all of its fields except for client and server contain stack garbage at
>> the time of the krb5_free_cred_contents call.

> I get the same error if I set

> creds.keyblock.contents = NULL;

> before cleaning the content.

memset(&creds, 0, sizeof(creds));

You need to zero the whole thing, not just a few fields, to be sure that
you've caught any stray fields that may make the library think that
there's allocated data to clear.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list