s3:passdb: Zero local memory in secrets_fetch()

author Pavel Filipenský <pfilipensky@samba.org>

Thu, 11 Aug 2022 08:09:00 +0000 (10:09 +0200)

committer Andreas Schneider <asn@cryptomilk.org>

Fri, 26 Aug 2022 07:59:32 +0000 (07:59 +0000)
author Pavel Filipenský <pfilipensky@samba.org>
Thu, 11 Aug 2022 08:09:00 +0000 (10:09 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Fri, 26 Aug 2022 07:59:32 +0000 (07:59 +0000)
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c

index c8390d5455e5ff02899430b078956969f6bc81a4..10692d6588b76e6d3f293afe73da515d15b22169 100644 (file)
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -119,6 +119,16 @@ void *secrets_fetch(const char *key, size_t *size)
         if (result == NULL) {
                 return NULL;
         }
+       /*
+        * secrets_fetch() is a generic code and may be used for sensitive data,
+        * so clear the local dbuf.dptr memory via BURN_PTR_SIZE().
+        * The future plan is to convert secrets_fetch() to talloc.
+        * That would improve performance via:
+        * - avoid smb_memdup() above, instead directly return dbuf.dptr
+        * - BURN_PTR_SIZE() will be done not here but in the caller and only
+        *   if the caller asks for sensitive data.
+        */
+       BURN_PTR_SIZE(dbuf.dptr, dbuf.dsize);
         TALLOC_FREE(dbuf.dptr);
  
         if (size) {
author	Pavel Filipenský <pfilipensky@samba.org>
	Thu, 11 Aug 2022 08:09:00 +0000 (10:09 +0200)
committer	Andreas Schneider <asn@cryptomilk.org>
	Fri, 26 Aug 2022 07:59:32 +0000 (07:59 +0000)