s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()
authorPavel Filipenský <pfilipensky@samba.org>
Sat, 20 Aug 2022 13:37:26 +0000 (15:37 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 26 Aug 2022 07:59:32 +0000 (07:59 +0000)
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/passdb/secrets_lsa.c

index 3ebaac4bb8e67d77fcb07a0dc8d5b4811d144222..7ff6d518caec17bfbd6c639b713b6394433df714 100644 (file)
@@ -62,7 +62,16 @@ static NTSTATUS lsa_secret_get_common(TALLOC_CTX *mem_ctx,
                return ndr_map_error2ntstatus(ndr_err);
        }
 
-       SAFE_FREE(blob.data);
+       /* This is NOT a talloc blob */
+       BURN_FREE(blob.data, blob.length);
+
+       if (secret->secret_current != NULL &&
+           secret->secret_current->data != NULL) {
+               talloc_keep_secret(secret->secret_current->data);
+       }
+       if (secret->secret_old != NULL && secret->secret_old->data != NULL) {
+               talloc_keep_secret(secret->secret_old->data);
+       }
 
        return NT_STATUS_OK;
 }
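Review bot: The decode-failure return shown as context at the top of this hunk does not appear to get the same wiping as the success path, where only the final free becomes `BURN_FREE(blob.data, blob.length)`. That error branch begins outside the hunk, so this is inferred, but if it still releases the buffer with a plain `SAFE_FREE(blob.data)`, the fetched secret bytes go back to the allocator unzeroed whenever unmarshalling fails. Using `BURN_FREE(blob.data, blob.length);` there as well would keep both exits consistent. Any `secret_current`/`secret_old` data already allocated under `secret` before a failed pull would also miss `talloc_keep_secret()`, which deserves at least a comment at that return.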
@@ -163,9 +172,11 @@ static NTSTATUS lsa_secret_set_common(TALLOC_CTX *mem_ctx,
        }
 
        if (!secrets_store(key, blob.data, blob.length)) {
+               data_blob_clear(&blob);
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       data_blob_clear(&blob);
        return NT_STATUS_OK;
 }
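Review bot: `data_blob_clear(&blob)` wipes the marshalled secret but leaves the buffer allocated, so on both exits the blob stays attached to its parent context until that context is freed. The allocation is outside the hunk (presumably on `mem_ctx`, to be confirmed), but `data_blob_clear_free(&blob);` would wipe and release it in one step. The two identical cleanup calls could also be folded into one by capturing the result first, e.g. `ok = secrets_store(key, blob.data, blob.length);`, clearing once, then returning on `ok`. The body of lsa_secret_set_common starts outside the hunk, so any earlier return after the blob is filled should be checked for the same cleanup.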