From: Luke Howard <lukeh@padl.com>
Date: Fri, 18 Mar 2011 12:59:24 +0000 (+1100)
Subject: don't leak defaultCreds
X-Git-Tag: dvd/201105~12^2~76
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=77f8c14891550436d5e7519fd812806a44e4d3c7

don't leak defaultCreds
---

diff --git a/util_cred.c b/util_cred.c
index b9f8be0..1a18911 100644
--- a/util_cred.c
+++ b/util_cred.c
@@ -289,9 +289,10 @@ gssEapAcquireCred(OM_uint32 *minor,
 
         cred->flags |= CRED_FLAG_PASSWORD;
     } else if (defaultCreds.value != NULL) {
-        major = duplicateBuffer(minor, &defaultCreds, &cred->password);
-        if (GSS_ERROR(major))
-            goto cleanup;
+        cred->password = defaultCreds;
+
+        defaultCreds.length = 0;
+        defaultCreds.value = NULL;
 
         cred->flags |= CRED_FLAG_PASSWORD;
     } else if (cred->flags & CRED_FLAG_INITIATE) {
@@ -333,6 +334,10 @@ gssEapAcquireCred(OM_uint32 *minor,
 cleanup:
     if (GSS_ERROR(major))
         gssEapReleaseCred(&tmpMinor, &cred);
+    if (defaultCreds.value != NULL) {
+        memset(defaultCreds.value, 0, defaultCreds.length);
+        gss_release_buffer(&tmpMinor, &defaultCreds);
+    }
 
     return major;
 }