memory leak in arcfour string_to_key

Derrick Schommer reports that arcfour's string_to_key function leaks memory. This is true; it copies the password to convert to utf16 and never frees the copy. It does memset the copy to 0 when done. ticket: new requestors: schommer@gmail.com git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16771 dc483132-0cff-0310-8789-dd5450dbe970
author: Sam Hartman <hartmans@mit.edu> 2004-09-21 20:39:19 +0000
committer: Sam Hartman <hartmans@mit.edu> 2004-09-21 20:39:19 +0000
commit: 3170edb46d86cda141bc07a845350d2b366bcb87 (patch)
tree: 5f406b9439b8fdbcb1951a43522ba65812741216 /src/lib/crypto/arcfour/ChangeLog
parent: ac8eb05c5bae434c5da93b417d32b0ecfdb642e4 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog
index 9e8394710e..7f5d638e57 100644
--- a/src/lib/crypto/arcfour/ChangeLog
+++ b/src/lib/crypto/arcfour/ChangeLog
@@ -1,3 +1,8 @@
+2004-09-21  Sam Hartman  <hartmans@mit.edu>
+
+	* string_to_key.c (krb5int_arcfour_string_to_key): Free the copy
+	of the password, thanks to Derrick Schommer 
+
 2004-02-18  Ken Raeburn  <raeburn@mit.edu>
 
 	* arcfour.c: Use ANSI C style function definitions.
author	Sam Hartman <hartmans@mit.edu>	2004-09-21 20:39:19 +0000
committer	Sam Hartman <hartmans@mit.edu>	2004-09-21 20:39:19 +0000
commit	3170edb46d86cda141bc07a845350d2b366bcb87 (patch)
tree	5f406b9439b8fdbcb1951a43522ba65812741216 /src/lib/crypto/arcfour/ChangeLog
parent	ac8eb05c5bae434c5da93b417d32b0ecfdb642e4 (diff)