heimdal-history now requires the Perl modules Const::Fast and
JSON::MaybeXS instead of Readonly and JSON.
+ Explicitly erase the copy of the password made in the Heimdal plugin.
+
Update to rra-c-util 10.5:
* Assume a working snprintf rather than supplying a replacement.
* instead.
*
* Written by Russ Allbery <eagle@eyrie.org>
- * Copyright 2020 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2020, 2023 Russ Allbery <eagle@eyrie.org>
* Copyright 2009, 2013
* The Board of Trustees of the Leland Stanford Junior University
*
*/
static int
heimdal_pwcheck(krb5_context ctx, krb5_principal principal,
- krb5_data *password, const char *tuning UNUSED, char *message,
- size_t length)
+ krb5_data *password, const char *tuning UNUSED,
+ char *message, size_t length)
{
krb5_pwqual_moddata data = NULL;
char *pastring;
convert_error(ctx, code, NULL, message, length);
done:
+ explicit_bzero(pastring, password->length);
free(pastring);
if (name != NULL)
krb5_free_unparsed_name(ctx, name);