From 56fe2f86206be60200542e9668c400a8767ea2e9 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <kaduk@mit.edu>
Date: Sat, 22 Sep 2018 09:27:06 -0500
Subject: [PATCH] Clear DES key (schedule) in unwrap BAD_MIC case

We generally clear out the cryptographic key and key schedule from
local variables before relinquishing control flow, but this case was
missed.  Reported by jhb@FreeBSD.org.
---
 lib/gssapi/krb5/unwrap.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c
index da939c0529..57a4d4aeb5 100644
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
@@ -135,8 +135,11 @@ unwrap_des
   DES_set_key_unchecked (&deskey, &schedule);
   DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
 		 &schedule, &zero);
-  if (ct_memcmp (p - 8, hash, 8) != 0)
+  if (ct_memcmp (p - 8, hash, 8) != 0) {
+    memset_s(&deskey, sizeof(deskey), 0, sizeof(deskey));
+    memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));
     return GSS_S_BAD_MIC;
+  }
 
   /* verify sequence number */