buffer content after usage.
+2008-12-15 Corinna Vinschen <corinna@vinschen.de>
+
+ * setpwd.cc (client_request_setpwd::serve): Explicitely erase password
+ buffer content after usage.
+
2008-11-26 Corinna Vinschen <corinna@vinschen.de>
* Makefile.in (OBJS): Add setpwd.o.
RtlAppendUnicodeStringToString (&key, &sid);
RtlInitUnicodeString (&data, _parameters.in.passwd);
status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
+ if (data.Length)
+ memset (data.Buffer, 0, data.Length);
if (NT_SUCCESS (status))
error_code (0);
else