From: Pavel Filipenský <pfilipensky@samba.org>
Date: Tue, 26 Jul 2022 17:03:11 +0000 (+0200)
Subject: s3:passdb: Zero memory using BURN_FREE() in secrets_fetch_trust_account_password_lega... 
X-Git-Tag: talloc-2.4.0~1324
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b6dde7d31bc3731471ce92b68c8eaf3ef9779392;p=thirdparty%2Fsamba.git

s3:passdb: Zero memory using BURN_FREE() in secrets_fetch_trust_account_password_legacy() and secrets_fetch_domain_info1_by_key()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 5353cca9315..c20387e5dba 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -345,7 +345,7 @@ bool secrets_fetch_trust_account_password_legacy(const char *domain,
 
 	if (size != sizeof(*pass)) {
 		DEBUG(0, ("secrets were of incorrect size!\n"));
-		SAFE_FREE(pass);
+		BURN_FREE(pass, size);
 		return False;
 	}
 
@@ -358,7 +358,7 @@ bool secrets_fetch_trust_account_password_legacy(const char *domain,
 		*channel = get_default_sec_channel();
 	}
 
-	SAFE_FREE(pass);
+	BURN_FREE(pass, size);
 	return True;
 }
 
@@ -719,7 +719,7 @@ static NTSTATUS secrets_fetch_domain_info1_by_key(const char *key,
 	/* unpack trusted domain password */
 	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &sdib,
 			(ndr_pull_flags_fn_t)ndr_pull_secrets_domain_infoB);
-	SAFE_FREE(blob.data);
+	BURN_FREE(blob.data, blob.length);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		DBG_ERR("ndr_pull_struct_blob failed - %s!\n",
 			ndr_errstr(ndr_err));