From 3151e760548ce4cbcf6ec5f6907e96b37eb18dde Mon Sep 17 00:00:00 2001
From: =?utf8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
Date: Wed, 10 Aug 2022 20:51:46 +0200
Subject: [PATCH] s3:passdb: Zero password in fetch_ldap_pw() callers
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/passdb/pdb_ldap.c | 3 +--
 source3/utils/net_sam.c   | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index c4efffc1c04..548ce3c4874 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6659,8 +6659,7 @@ static NTSTATUS pdb_init_ldapsam_common(struct pdb_methods **pdb_method, const c
 	nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(),
 				 location, false, bind_dn, bind_secret,
 				 &ldap_state->smbldap_state);
-	memset(bind_secret, '\0', strlen(bind_secret));
-	SAFE_FREE(bind_secret);
+	BURN_FREE_STR(bind_secret);
 	SAFE_FREE(bind_dn);
 	if ( !NT_STATUS_IS_OK(nt_status) ) {
 		return nt_status;
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 17cc47b2ddd..5c1e007381e 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -1678,8 +1678,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
 
 	status = smbldap_init(tc, NULL, ldap_uri, false, bind_dn, bind_secret, &state);
 
-	memset(bind_secret, '\0', strlen(bind_secret));
-	SAFE_FREE(bind_secret);
+	BURN_FREE_STR(bind_secret);
 	SAFE_FREE(bind_dn);
 
 	if (!NT_STATUS_IS_OK(status)) {
-- 
2.47.3