From: Corinna Vinschen <corinna@vinschen.de>
Date: Mon, 15 Dec 2008 17:39:21 +0000 (+0000)
Subject: 	* setpwd.cc (client_request_setpwd::serve): Explicitely erase password
X-Git-Tag: newlib-1_17_0~29
X-Git-Url: https://sourceware.org/git/?a=commitdiff_plain;h=d08afb78d18df23a46d19c92f0f7f22e6b96a72d;p=newlib-cygwin.git

	* setpwd.cc (client_request_setpwd::serve): Explicitely erase password
	buffer content after usage.
---

diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog
index 0ba9e4685..04054741b 100644
--- a/winsup/cygserver/ChangeLog
+++ b/winsup/cygserver/ChangeLog
@@ -1,3 +1,8 @@
+2008-12-15  Corinna Vinschen  <corinna@vinschen.de>
+
+	* setpwd.cc (client_request_setpwd::serve): Explicitely erase password
+	buffer content after usage.
+
 2008-11-26  Corinna Vinschen  <corinna@vinschen.de>
 
 	* Makefile.in (OBJS): Add setpwd.o.
diff --git a/winsup/cygserver/setpwd.cc b/winsup/cygserver/setpwd.cc
index 39989f86a..70d96cd57 100644
--- a/winsup/cygserver/setpwd.cc
+++ b/winsup/cygserver/setpwd.cc
@@ -90,6 +90,8 @@ client_request_setpwd::serve (transport_layer_base *const conn,
   RtlAppendUnicodeStringToString (&key, &sid);
   RtlInitUnicodeString (&data, _parameters.in.passwd);
   status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
+  if (data.Length)
+    memset (data.Buffer, 0, data.Length);
   if (NT_SUCCESS (status))
     error_code (0);
   else