nsswitch/libwbclient: Zero memory in libwbclient

author Pavel Filipenský <pfilipensky@samba.org>

Mon, 8 Dec 2025 15:09:53 +0000 (16:09 +0100)

committer Volker Lendecke <vl@samba.org>

Thu, 8 Jan 2026 12:59:02 +0000 (12:59 +0000)
author Pavel Filipenský <pfilipensky@samba.org>
Mon, 8 Dec 2025 15:09:53 +0000 (16:09 +0100)
committer Volker Lendecke <vl@samba.org>
Thu, 8 Jan 2026 12:59:02 +0000 (12:59 +0000)
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c

index d97e00db383a33d1d02a7b53b30d7fcb74704c14..59204b4deac5a22fe38dd91047531e825fed7166 100644 (file)
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -848,6 +848,11 @@ static void wbcNamedBlobDestructor(void *ptr)
  
         while (b->name != NULL) {
                 free(discard_const_p(char, b->name));
+               /*
+                * This targets sensitive data like "session_key". To make the
+                * implementation simple, we zero every wbcNamedBlob.
+                */
+               BURN_PTR_SIZE(b->blob.data, b->blob.length);
                 free(b->blob.data);
                 b += 1;
         }
author	Pavel Filipenský <pfilipensky@samba.org>
	Mon, 8 Dec 2025 15:09:53 +0000 (16:09 +0100)
committer	Volker Lendecke <vl@samba.org>
	Thu, 8 Jan 2026 12:59:02 +0000 (12:59 +0000)