From 6edf88f5c40421b9881666a2e78038ea9c547c24 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 2 Aug 2022 14:35:50 +1200
Subject: [PATCH] libcli:auth: Keep passwords from convert_string_talloc()
 secret

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/auth/smbencrypt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 7abf6613d80..8492202ea93 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -975,6 +975,7 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
 		DBG_ERR("Failed to convert incoming password\n");
 		return false;
 	}
+	talloc_keep_secret(*pp_new_pwrd);
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("decode_pw_buffer: new_pwrd: "));
@@ -1067,6 +1068,7 @@ bool decode_pwd_string_from_buffer514(TALLOC_CTX *mem_ctx,
 	if (!ok) {
 		return false;
 	}
+	talloc_keep_secret(decoded_password->data);
 
 	return true;
 }
-- 
2.47.3