credentials: Clear the moved-from string before checking its capacity

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/credentials.cc b/pdns/credentials.cc
index 277e09e53fc3cb18671b89f34ec969790bb30a9e..c91873c205c1ac8a2fd196702609fb9e868cffbf 100644 (file)
--- a/pdns/credentials.cc
+++ b/pdns/credentials.cc
@@ -84,11 +84,11 @@ void SensitiveData::reallyClearContent(void* data, size_t size) noexcept
 SensitiveData::SensitiveData(std::string&& data) :
   d_data(std::move(data))
 {
+  data.clear();
 #ifdef HAVE_LIBSODIUM
   // let's be nice and try to zero out the SSO buffer
   reallyClearContent(data.data(), data.capacity());
 #endif
-  data.clear();
 #ifdef HAVE_LIBSODIUM
   sodium_mlock(d_data.data(), d_data.size());
 #endif