1 files changed, 10 insertions, 2 deletions

diff --git a/contrib/ntp/libntp/authkeys.c b/contrib/ntp/libntp/authkeys.c
index 68771ff..667ca29 100644
--- a/contrib/ntp/libntp/authkeys.c
+++ b/contrib/ntp/libntp/authkeys.c
@@ -534,6 +534,12 @@ MD5auth_setkey(
 	bucket = &key_hash[KEYHASH(keyno)];
 	for (sk = *bucket; sk != NULL; sk = sk->hlink) {
 		if (keyno == sk->keyid) {
+			/* TALOS-CAN-0054: make sure we have a new buffer! */
+			if (NULL != sk->secret) {
+				memset(sk->secret, 0, sk->secretsize);
+				free(sk->secret);
+			}
+			sk->secret = emalloc(len);
 			sk->type = (u_short)keytype;
 			secretsize = len;
 			sk->secretsize = (u_short)secretsize;
@@ -593,12 +599,14 @@ auth_delkeys(void)
 		}
 
 		/*
-		 * Don't lose info as to which keys are trusted.
+		 * Don't lose info as to which keys are trusted. Make
+		 * sure there are no dangling pointers!
 		 */
 		if (KEY_TRUSTED & sk->flags) {
 			if (sk->secret != NULL) {
-				memset(sk->secret, '\0', sk->secretsize);
+				memset(sk->secret, 0, sk->secretsize);
 				free(sk->secret);
+				sk->secret = NULL; /* TALOS-CAN-0054 */
 			}
 			sk->secretsize = 0;
 			sk->lifetime = 0;