[krbdev.mit.edu #8713] git commit
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Mon Jul 16 10:10:20 EDT 2018
Zap copy of secret in RC4 string-to-key
Commit b8814745049b5f401e3ae39a81dc1e14598ae48c (ticket 8576) added a
zero-terminated copy of the input string in
krb5int_arcfour_string_to_key(). This copy should be zeroed when
freed as the input string typically contains a password.
[ghudson at mit.edu: rewrote commit message]
https://github.com/krb5/krb5/commit/5d19f90f3216309c311507acbca2c8d0a286d632
Author: Dylan Gray <35609490+Dylan-MSFT at users.noreply.github.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 5d19f90f3216309c311507acbca2c8d0a286d632
Branch: master
src/lib/crypto/krb/s2k_rc4.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
More information about the krb5-bugs
mailing list