kerberos - set the memory to "0"s before freeing the password to prevent security...
authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Tue, 16 Mar 2010 17:20:51 +0000 (18:20 +0100)
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Tue, 16 Mar 2010 17:20:51 +0000 (18:20 +0100)
source4/heimdal/lib/krb5/init_creds_pw.c

index 5901c553192424850248d9c3aa6449aa6b0bb5ac..c326fa4df724cba8240c0081a0f45091c81ef500 100644 (file)
@@ -107,8 +107,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
        free (ctx->pre_auth_types);
     if (ctx->in_tkt_service)
        free(ctx->in_tkt_service);
-    if (ctx->password)
+    if (ctx->password) {
+        memset(ctx->password, 0, strlen(ctx->password));
         free(ctx->password);
+    }
     if (ctx->keytab_data)
        free(ctx->keytab_data);
     krb5_data_free(&ctx->req_buffer);
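Review bot: The `memset` added immediately before `free(ctx->password)` is a dead store from the compiler's point of view, so an optimizing build may drop it and leave the password readable in the freed heap block; the identical lines added to krb5_init_creds_set_password in the next hunk have the same weakness. Use a zeroing call the compiler is not allowed to elide, for example `explicit_bzero(ctx->password, strlen(ctx->password));` where the platform provides it, or C11 Annex K `memset_s`, behind whatever portability wrapper the tree has (none is visible in this diff). Because the zero-then-free sequence now appears twice, a small static helper with a comment such as `/* wipe the secret before returning the block to the allocator */` would keep both sites consistent. free_init_creds_ctx begins and ends outside this hunk, so other secret-bearing fields it may free are not visible here.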
@@ -1355,8 +1357,10 @@ krb5_init_creds_set_password(krb5_context context,
                             krb5_init_creds_context ctx,
                             const char *password)
 {
-    if (ctx->password)
+    if (ctx->password) {
+        memset(ctx->password, 0, strlen(ctx->password));
         free(ctx->password);
+    }
     if (password) {
        ctx->password = strdup(password);
        if (ctx->password == NULL) {