From 5b64751394073f692cbf169a1df5621f443abce9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
Date: Tue, 9 Aug 2022 15:36:34 +0200
Subject: [PATCH] s3:passdb: Zero password in secrets_fetch_ipc_userpass()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/passdb/secrets.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index cd85807e8c1..0ad216aaf4e 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -472,14 +472,17 @@ void secrets_fetch_ipc_userpass(char **username, char **domain, char **password)
 		if (!*domain || !**domain)
 			*domain = smb_xstrdup(lp_workgroup());
 
-		if (!*password || !**password)
+		if (!*password || !**password) {
+			BURN_FREE_STR(*password);
 			*password = smb_xstrdup("");
+		}
 
 		DEBUG(3, ("IPC$ connections done by user %s\\%s\n",
 			  *domain, *username));
 
 	} else {
 		DEBUG(3, ("IPC$ connections done anonymously\n"));
+		BURN_FREE_STR(*password);
 		*username = smb_xstrdup("");
 		*domain = smb_xstrdup("");
 		*password = smb_xstrdup("");
-- 
2.47.3