From 85fd77a145174662dbe073f8669f5c22d4240dd0 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Mon, 15 Dec 2008 17:39:39 +0000
Subject: 	* setlsapwd.cc (setlsapwd): Explicitely erase password buffer
 content 	after usage.

---
 winsup/cygwin/ChangeLog    | 5 +++++
 winsup/cygwin/setlsapwd.cc | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'winsup')

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2b2e8ebde..0fdc97b15 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2008-12-15  Corinna Vinschen  <corinna@vinschen.de>
+
+	* setlsapwd.cc (setlsapwd): Explicitely erase password buffer content
+	after usage.
+
 2008-12-15  Corinna Vinschen  <corinna@vinschen.de>
 
 	* fhandler_registry.cc (fhandler_registry::exists): Handle EACCES.
diff --git a/winsup/cygwin/setlsapwd.cc b/winsup/cygwin/setlsapwd.cc
index 34284afd3..401e48768 100644
--- a/winsup/cygwin/setlsapwd.cc
+++ b/winsup/cygwin/setlsapwd.cc
@@ -84,7 +84,10 @@ setlsapwd (const char *passwd)
       __seterrno_from_nt_status (status);
 #endif
       if (data_buf)
-	free (data_buf);
+	{
+	  memset (data.Buffer, 0, data.Length);
+	  free (data_buf);
+	}
     }
   return ret;
 }
-- 
cgit v1.2.3