s3:passdb: Zero memory using BURN_FREE() in secrets_fetch_trust_account_password_lega...

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 5353cca93159536fce563584672d0aea9e9a1aca..c20387e5dbad40bfb1a51a82623cf8d8f7edc99f 100644 (file)
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -345,7 +345,7 @@ bool secrets_fetch_trust_account_password_legacy(const char *domain,
 
        if (size != sizeof(*pass)) {
                DEBUG(0, ("secrets were of incorrect size!\n"));
-               SAFE_FREE(pass);
+               BURN_FREE(pass, size);
                return False;
        }
 
@@ -358,7 +358,7 @@ bool secrets_fetch_trust_account_password_legacy(const char *domain,
                *channel = get_default_sec_channel();
        }
 
-       SAFE_FREE(pass);
+       BURN_FREE(pass, size);
        return True;
 }
 
@@ -719,7 +719,7 @@ static NTSTATUS secrets_fetch_domain_info1_by_key(const char *key,
        /* unpack trusted domain password */
        ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &sdib,
                        (ndr_pull_flags_fn_t)ndr_pull_secrets_domain_infoB);
-       SAFE_FREE(blob.data);
+       BURN_FREE(blob.data, blob.length);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                DBG_ERR("ndr_pull_struct_blob failed - %s!\n",
                        ndr_errstr(ndr_err));