From 3c725a465e94e1de7a1cb220d3c4e596aebcd60f Mon Sep 17 00:00:00 2001
From: "ghudson@MIT.EDU" <ghudson@MIT.EDU>
Date: Mon, 13 Jun 2011 21:11:31 -0400
Subject: [PATCH] Initialize zero before using it in unwrap_des().
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Heimdal since fc702a97f521594cf5b835db7cdcc196c730715e (August 2009)
can't process DES wrap tokens unless the stack garbage in the zero
array happens to be all zeros.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
---
 lib/gssapi/krb5/unwrap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
index 3c7ba2944..d6bc20477 100644
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
@@ -98,6 +98,7 @@ unwrap_des
   if(cstate) {
       /* decrypt data */
       memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+      memset (&zero, 0, sizeof(zero));
 
       for (i = 0; i < sizeof(deskey); ++i)
 	  deskey[i] ^= 0xf0;
-- 
2.11.4.GIT