* setpwd.cc (client_request_setpwd::serve): Explicitely erase password

author Corinna Vinschen <corinna@vinschen.de>

Mon, 15 Dec 2008 17:39:21 +0000 (17:39 +0000)

committer Corinna Vinschen <corinna@vinschen.de>

Mon, 15 Dec 2008 17:39:21 +0000 (17:39 +0000)
author Corinna Vinschen <corinna@vinschen.de>
Mon, 15 Dec 2008 17:39:21 +0000 (17:39 +0000)
committer Corinna Vinschen <corinna@vinschen.de>
Mon, 15 Dec 2008 17:39:21 +0000 (17:39 +0000)
diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog

index 0ba9e46851f1ea8349bee58ca203d136642620f4..04054741ba946efe1d64a1920b5d6d854a873812 100644 (file)
--- a/winsup/cygserver/ChangeLog
+++ b/winsup/cygserver/ChangeLog
@@ -1,3 +1,8 @@
+2008-12-15  Corinna Vinschen  <corinna@vinschen.de>
+
+       * setpwd.cc (client_request_setpwd::serve): Explicitely erase password
+       buffer content after usage.
+
  2008-11-26  Corinna Vinschen  <corinna@vinschen.de>
  
         * Makefile.in (OBJS): Add setpwd.o.
diff --git a/winsup/cygserver/setpwd.cc b/winsup/cygserver/setpwd.cc

index 39989f86a89a4b05bf6e53609398ec890a735054..70d96cd57b3ab1b5f7ef1012a888409099518510 100644 (file)
--- a/winsup/cygserver/setpwd.cc
+++ b/winsup/cygserver/setpwd.cc
@@ -90,6 +90,8 @@ client_request_setpwd::serve (transport_layer_base *const conn,
    RtlAppendUnicodeStringToString (&key, &sid);
    RtlInitUnicodeString (&data, _parameters.in.passwd);
    status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
+  if (data.Length)
+    memset (data.Buffer, 0, data.Length);
    if (NT_SUCCESS (status))
      error_code (0);
    else
author	Corinna Vinschen <corinna@vinschen.de>
	Mon, 15 Dec 2008 17:39:21 +0000 (17:39 +0000)
committer	Corinna Vinschen <corinna@vinschen.de>
	Mon, 15 Dec 2008 17:39:21 +0000 (17:39 +0000)
winsup/cygserver/ChangeLog		patch \| blob \| blame \| history
winsup/cygserver/setpwd.cc		patch \| blob \| blame \| history