Derrick Schommer reports that arcfour's string_to_key function leaks
memory.  This is true; it copies the password to convert to utf16 and
never frees the copy.  It does memset the copy to 0 when done.


To generate a diff of this commit:



	cvs diff -r1.21 -r1.22 krb5/src/lib/crypto/arcfour/ChangeLog
	cvs diff -r1.6 -r1.7 krb5/src/lib/crypto/arcfour/string_to_key.c