+2014-03-06 Corinna Vinschen <corinna@vinschen.de>
+
+ * setpwd.cc (client_request_setpwd::serve): Use RtlSecureZeroMemory to
+ delete password from memory.
+
2013-11-06 Christopher Faylor <me.cygwin2013@cgf.cx>
* configure.ac: Detect windows headers/libs after we've figured out the
/* setpwd.cc: Set LSA private data password for current user.
- Copyright 2008 Red Hat, Inc.
+ Copyright 2008, 2014 Red Hat, Inc.
This file is part of Cygwin.
RtlInitUnicodeString (&data, _parameters.in.passwd);
status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
if (data.Length)
- memset (data.Buffer, 0, data.Length);
+ RtlSecureZeroMemory (data.Buffer, data.Length);
/* Success or we're trying to remove a password entry which doesn't exist. */
if (NT_SUCCESS (status)
|| (data.Length == 0 && status == STATUS_OBJECT_NAME_NOT_FOUND))