From: Pavel Filipenský <pfilipensky@samba.org>
Date: Thu, 11 Aug 2022 08:09:00 +0000 (+0200)
Subject: s3:passdb: Zero local memory in secrets_fetch()
X-Git-Tag: talloc-2.4.0~1303
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ebfc16723358b4077499edead99a66ef0056ef94;p=thirdparty%2Fsamba.git

s3:passdb: Zero local memory in secrets_fetch()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index c8390d5455e..10692d6588b 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -119,6 +119,16 @@ void *secrets_fetch(const char *key, size_t *size)
 	if (result == NULL) {
 		return NULL;
 	}
+	/*
+	 * secrets_fetch() is a generic code and may be used for sensitive data,
+	 * so clear the local dbuf.dptr memory via BURN_PTR_SIZE().
+	 * The future plan is to convert secrets_fetch() to talloc.
+	 * That would improve performance via:
+	 * - avoid smb_memdup() above, instead directly return dbuf.dptr
+	 * - BURN_PTR_SIZE() will be done not here but in the caller and only
+	 *   if the caller asks for sensitive data.
+	 */
+	BURN_PTR_SIZE(dbuf.dptr, dbuf.dsize);
 	TALLOC_FREE(dbuf.dptr);
 
 	if (size) {