* setpwd.cc (client_request_setpwd::serve): Use RtlSecureZeroMemory to

	delete password from memory.

diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog
index 5a497574667e1a3187a67ed2f5bd4d74c4196ada..02593fdbbba2b26e4dda6e5bb058ae7440cfe198 100644 (file)
--- a/winsup/cygserver/ChangeLog
+++ b/winsup/cygserver/ChangeLog
@@ -1,3 +1,8 @@
+2014-03-06  Corinna Vinschen  <corinna@vinschen.de>
+
+       * setpwd.cc (client_request_setpwd::serve): Use RtlSecureZeroMemory to
+       delete password from memory.
+
 2013-11-06  Christopher Faylor  <me.cygwin2013@cgf.cx>
 
        * configure.ac: Detect windows headers/libs after we've figured out the

diff --git a/winsup/cygserver/setpwd.cc b/winsup/cygserver/setpwd.cc
index 8125fd25a00d4b23e9e11d6e81574cdef1ce786b..4f996d3b5957198d8afe9f788224d1af5a2a864b 100644 (file)
--- a/winsup/cygserver/setpwd.cc
+++ b/winsup/cygserver/setpwd.cc
@@ -1,6 +1,6 @@
 /* setpwd.cc: Set LSA private data password for current user.
 
-   Copyright 2008 Red Hat, Inc.
+   Copyright 2008, 2014 Red Hat, Inc.
 
 This file is part of Cygwin.
 
@@ -91,7 +91,7 @@ client_request_setpwd::serve (transport_layer_base *const conn,
   RtlInitUnicodeString (&data, _parameters.in.passwd);
   status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
   if (data.Length)
-    memset (data.Buffer, 0, data.Length);
+    RtlSecureZeroMemory (data.Buffer, data.Length);
   /* Success or we're trying to remove a password entry which doesn't exist. */
   if (NT_SUCCESS (status)
       || (data.Length == 0 && status == STATUS_OBJECT_NAME_NOT_FOUND))