kadmind: fix pw leak from CVE-2016-2400 fix

diff --git a/kadmin/server.c b/kadmin/server.c
index 8237697969043a2024e03a41473f1c394e23c863..b339a9ac72343b94eb3756ae30e215a41db6bbcf 100644 (file)
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -194,6 +194,8 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
             ret = check_aliases(contextp, &ent, NULL);
             if (ret) {
                 kadm5_free_principal_ent(kadm_handlep, &ent);
+                memset(password, 0, strlen(password));
+                free(password);
                 goto fail;
             }
         }