Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: hartmans@mit.edu
Subject: CVS Commit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 370

Derrick Schommer reports that arcfour's string_to_key function leaks
memory.  This is true; it copies the password to convert to utf16 and
never frees the copy.  It does memset the copy to 0 when done.


To generate a diff of this commit:



	cvs diff -r1.21 -r1.22 krb5/src/lib/crypto/arcfour/ChangeLog
	cvs diff -r1.6 -r1.7 krb5/src/lib/crypto/arcfour/string_to_key.c