From c13de8e8714bf3d1221d45f6d8b984e8c1241b78 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 17 Jan 2023 17:52:09 +0100
Subject: [PATCH] credentials: Explicitly clear credentials once they have been
 moved

---
 pdns/credentials.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pdns/credentials.cc b/pdns/credentials.cc
index ef37eaee6c..b086788a5f 100644
--- a/pdns/credentials.cc
+++ b/pdns/credentials.cc
@@ -62,6 +62,7 @@ uint64_t const CredentialsHolder::s_defaultBlockSize{8U}; /* r */
 SensitiveData::SensitiveData(std::string&& data) :
   d_data(std::move(data))
 {
+  data.clear();
 #ifdef HAVE_LIBSODIUM
   sodium_mlock(d_data.data(), d_data.size());
 #endif
@@ -70,6 +71,7 @@ SensitiveData::SensitiveData(std::string&& data) :
 SensitiveData& SensitiveData::operator=(SensitiveData&& rhs)
 {
   d_data = std::move(rhs.d_data);
+  rhs.clear();
   return *this;
 }
 
-- 
2.47.2