s3:passdb: Zero secrets_domain_info1_password created via secrets_fetch()
authorPavel Filipenský <pfilipensky@samba.org>
Sat, 20 Aug 2022 07:34:30 +0000 (09:34 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Fri, 26 Aug 2022 07:59:32 +0000 (07:59 +0000)
Zero out these members of struct secrets_domain_info1_password:

DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/passdb/machine_account_secrets.c

index a9b1fe82a01617b785c0d56050f00d79b0a87f57..1cf34bbf5c929d15bc3a8cc94c5c1e9d082fb562 100644 (file)
@@ -685,6 +685,28 @@ char *secrets_fetch_machine_password(const char *domain,
        return ret;
 }
 
+static int password_nt_hash_destructor(struct secrets_domain_info1_password *pw)
+{
+       ZERO_STRUCT(pw->nt_hash);
+
+       return 0;
+}
+
+static int setup_password_zeroing(struct secrets_domain_info1_password *pw)
+{
+       if (pw != NULL) {
+               size_t i;
+
+               talloc_keep_secret(pw->cleartext_blob.data);
+               talloc_set_destructor(pw, password_nt_hash_destructor);
+               for (i = 0; i < pw->num_keys; i++) {
+                       talloc_keep_secret(pw->keys[i].value.data);
+               }
+       }
+
+       return 0;
+}
+
 static char *domain_info_keystr(const char *domain)
 {
        char *keystr;
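Review bot: setup_password_zeroing() has no comment explaining why the secrets are wiped by two different mechanisms, which makes it easy to miss a member when the struct grows. From the calls it looks like `cleartext_blob.data` and `keys[i].value.data` are separate talloc allocations, while `nt_hash` is embedded in `pw`, so I would add above the function something like `/* Buffers get talloc_keep_secret(); nt_hash lives inside pw and is wiped by the destructor on pw. Any new secret member must be registered here. */`. The comment should also say that talloc_set_destructor() replaces any destructor previously set on `pw`. As a smaller style point, the function always returns 0 and the callers in the second hunk ignore the result, so `static void` would describe it better.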
@@ -726,6 +748,13 @@ static NTSTATUS secrets_fetch_domain_info1_by_key(const char *key,
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
+       if (sdib.info.info1->next_change != NULL) {
+               setup_password_zeroing(sdib.info.info1->next_change->password);
+       }
+       setup_password_zeroing(sdib.info.info1->password);
+       setup_password_zeroing(sdib.info.info1->old_password);
+       setup_password_zeroing(sdib.info.info1->older_password);
+
        if (sdib.version != SECRETS_DOMAIN_INFO_VERSION_1) {
                DBG_ERR("sdib.version = %u\n", (unsigned)sdib.version);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
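Review bot: The four added setup_password_zeroing() calls dereference `sdib.info.info1` before the `sdib.version != SECRETS_DOMAIN_INFO_VERSION_1` check that follows them. If `info` is a version-switched union (its definition is not visible here), a stored record with any other version could leave `info1` unset, and `sdib.info.info1->next_change` would then be read through a NULL or stale pointer while handling data from the secrets database. Moving the added block below the version check keeps the zeroing registration and only touches a validated structure; if the pull can leave the pointer NULL even for version 1, also add `if (sdib.info.info1 == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; }`. The function body starts and ends outside this hunk, so whether `sdib` is zero-initialised or `info1` is checked elsewhere cannot be confirmed from here.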