From: Pavel Filipenský
Date: Tue, 26 Jul 2022 17:02:28 +0000 (+0200)
Subject: lib:util: Zero memory in generate_random_machine_password()
X-Git-Tag: talloc-2.4.0~1327
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8de685741b13bcb433d748ef7de6296a6dee0726;p=thirdparty%2Fsamba.git
lib:util: Zero memory in generate_random_machine_password()
Signed-off-by: Pavel Filipenský
Reviewed-by: Andreas Schneider
---
diff --git a/lib/util/genrand_util.c b/lib/util/genrand_util.c
index 82103f59bd7..43005c56666 100644
--- a/lib/util/genrand_util.c
+++ b/lib/util/genrand_util.c
@@ -312,6 +312,9 @@ again:
 *
 * If 'unix charset' is not utf8, the password consist of random ascii
 * values!
+ *
+ * The return value is a talloc string with destructor talloc_keep_secret() set.
+ * The content will be overwritten by zeros when the mem_ctx is destroyed.
 */
 _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 size_t max)
@@ -349,6 +352,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 frame = talloc_stackframe_pool(2048);
 state = talloc_zero(frame, struct generate_random_machine_password_state);
+ talloc_keep_secret(state);
 diff = max - min;
@@ -417,6 +421,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 TALLOC_FREE(frame);
 return NULL;
 }
+ talloc_keep_secret(utf8_pw);
 ok = convert_string_talloc(frame, CH_UTF16MUNGED, CH_UNIX,
@@ -425,6 +430,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 if (!ok) {
 goto ascii_fallback;
 }
+ talloc_keep_secret(unix_pw);
 if (utf8_len != unix_len) {
 goto ascii_fallback;
@@ -442,6 +448,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 TALLOC_FREE(frame);
 return NULL;
 }
+ talloc_keep_secret(new_pw);
 talloc_set_name_const(new_pw, __func__);
 TALLOC_FREE(frame);
 return new_pw;
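Review bot: The doc comment added in the hunk at -312 says the content is zeroed "when the mem_ctx is destroyed", which understates when the scrub happens. A talloc destructor runs whenever the returned string itself is freed, whether directly or through its parent. Callers would also benefit from knowing that the protection belongs to this one allocation: a copy made with talloc_strdup() or a charset conversion is not covered, and calling talloc_set_destructor() on the result replaces the scrubbing destructor. Suggested wording: `* The content is overwritten with zeros when the string is freed, directly or via mem_ctx. Copies are not covered; do not set another destructor on the result.`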
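Review bot: In the hunk at -349, `talloc_keep_secret(state)` is called on the result of `talloc_zero()` with no NULL check between the two lines. How talloc_keep_secret() treats a NULL pointer is not visible in this diff, and the function presumably dereferences `state` later, so an allocation failure should be handled before the new call. The failure pattern shown in the other hunks would fit: `if (state == NULL) { TALLOC_FREE(frame); return NULL; }`. The function body starts and ends outside this hunk.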
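Review bot: In the hunks at -417 and -425 the scrubbing destructor is attached to `utf8_pw` and `unix_pw` only after convert_string_talloc() has returned successfully, so any buffer that function allocates and releases internally is freed without being zeroed. If its implementation grows the output by reallocation or discards a partial result on failure (not visible in this diff), intermediate copies of the password could remain on the `frame` pool. A comment at the first call would record the limit of the guarantee: `/* Only the returned buffer is scrubbed; temporaries inside convert_string_talloc() are not. */`. Both call sites sit in a function whose body extends beyond these hunks.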
@@ -467,6 +474,7 @@ ascii_fallback:
 TALLOC_FREE(frame);
 return NULL;
 }
+ talloc_keep_secret(new_pw);
 talloc_set_name_const(new_pw, __func__);
 TALLOC_FREE(frame);
 return new_pw;