From: Pavel Filipenský <pfilipensky@samba.org>
Date: Sat, 20 Aug 2022 13:37:26 +0000 (+0200)
Subject: s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()
X-Git-Tag: talloc-2.4.0~1299
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9c2ffef0d51029132313593e413f2e2f4f671e6b;p=thirdparty%2Fsamba.git

s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/passdb/secrets_lsa.c b/source3/passdb/secrets_lsa.c
index 3ebaac4bb8e..7ff6d518cae 100644
--- a/source3/passdb/secrets_lsa.c
+++ b/source3/passdb/secrets_lsa.c
@@ -62,7 +62,16 @@ static NTSTATUS lsa_secret_get_common(TALLOC_CTX *mem_ctx,
 		return ndr_map_error2ntstatus(ndr_err);
 	}
 
-	SAFE_FREE(blob.data);
+	/* This is NOT a talloc blob */
+	BURN_FREE(blob.data, blob.length);
+
+	if (secret->secret_current != NULL &&
+	    secret->secret_current->data != NULL) {
+		talloc_keep_secret(secret->secret_current->data);
+	}
+	if (secret->secret_old != NULL && secret->secret_old->data != NULL) {
+		talloc_keep_secret(secret->secret_old->data);
+	}
 
 	return NT_STATUS_OK;
 }
@@ -163,9 +172,11 @@ static NTSTATUS lsa_secret_set_common(TALLOC_CTX *mem_ctx,
 	}
 
 	if (!secrets_store(key, blob.data, blob.length)) {
+		data_blob_clear(&blob);
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	data_blob_clear(&blob);
 	return NT_STATUS_OK;
 }