From: Pavel Filipenský <pfilipensky@samba.org>
Date: Wed, 3 Aug 2022 19:06:21 +0000 (+0200)
Subject: s3:passdb: Zero password in secrets_{fetch,store}_trusted_domain_password()
X-Git-Tag: talloc-2.4.0~1321
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0d7e34a63d5accedc2d792c002d5f60cdd4255dd;p=thirdparty%2Fsamba.git

s3:passdb: Zero password in secrets_{fetch,store}_trusted_domain_password()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 43a468ab068..d2e2b7511ad 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -263,12 +263,16 @@ bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
 	ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,
 			(ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);
 
-	SAFE_FREE(blob.data);
+	/* This blob is NOT talloc based! */
+	BURN_FREE(blob.data, blob.length);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		return false;
 	}
 
+	if (pass.pass != NULL) {
+		talloc_keep_secret(discard_const_p(char, pass.pass));
+	}
 
 	/* the trust's password */
 	if (pwd) {
@@ -329,7 +333,8 @@ bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
 
 	ret = secrets_store(trustdom_keystr(domain), blob.data, blob.length);
 
-	data_blob_free(&blob);
+	/* This blob is talloc based. */
+	data_blob_clear_free(&blob);
 
 	return ret;
 }