aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--winsup/cygserver/ChangeLog5
-rw-r--r--winsup/cygserver/setpwd.cc2
2 files changed, 7 insertions, 0 deletions
diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog
index 0ba9e46..0405474 100644
--- a/winsup/cygserver/ChangeLog
+++ b/winsup/cygserver/ChangeLog
@@ -1,3 +1,8 @@
+2008-12-15 Corinna Vinschen <corinna@vinschen.de>
+
+ * setpwd.cc (client_request_setpwd::serve): Explicitely erase password
+ buffer content after usage.
+
2008-11-26 Corinna Vinschen <corinna@vinschen.de>
* Makefile.in (OBJS): Add setpwd.o.
diff --git a/winsup/cygserver/setpwd.cc b/winsup/cygserver/setpwd.cc
index 39989f8..70d96cd 100644
--- a/winsup/cygserver/setpwd.cc
+++ b/winsup/cygserver/setpwd.cc
@@ -90,6 +90,8 @@ client_request_setpwd::serve (transport_layer_base *const conn,
RtlAppendUnicodeStringToString (&key, &sid);
RtlInitUnicodeString (&data, _parameters.in.passwd);
status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
+ if (data.Length)
+ memset (data.Buffer, 0, data.Length);
if (NT_SUCCESS (status))
error_code (0);
else
generated by cgit v1.1 at 2025-01-23 10:09:05 +0000