From efc58fd56d81be9f68a79aa5802107d046f149d0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
Date: Mon, 8 Dec 2025 16:09:53 +0100
Subject: [PATCH] nsswitch/libwbclient: Zero memory in libwbclient
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan  8 12:59:02 UTC 2026 on atb-devel-224
---
 nsswitch/libwbclient/wbc_util.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index d97e00db383..59204b4deac 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -848,6 +848,11 @@ static void wbcNamedBlobDestructor(void *ptr)
 
 	while (b->name != NULL) {
 		free(discard_const_p(char, b->name));
+		/*
+		 * This targets sensitive data like "session_key". To make the
+		 * implementation simple, we zero every wbcNamedBlob.
+		 */
+		BURN_PTR_SIZE(b->blob.data, b->blob.length);
 		free(b->blob.data);
 		b += 1;
 	}
-- 
2.47.3