diff options
author | Pavel Filipenský <pfilipensky@samba.org> | 2022-07-26 19:02:28 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2022-08-26 07:59:32 +0000 |
commit | 8de685741b13bcb433d748ef7de6296a6dee0726 (patch) | |
tree | b5983fb6a444e352f44892ef82a61a94f9d49570 /lib/util | |
parent | 8564380346ace981b957bb8464f2ecf007032062 (diff) | |
download | samba-8de685741b13bcb433d748ef7de6296a6dee0726.tar.gz |
lib:util: Zero memory in generate_random_machine_password()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib/util')
-rw-r--r-- | lib/util/genrand_util.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/util/genrand_util.c b/lib/util/genrand_util.c index 82103f59bd7..43005c56666 100644 --- a/lib/util/genrand_util.c +++ b/lib/util/genrand_util.c @@ -312,6 +312,9 @@ again: * * If 'unix charset' is not utf8, the password consist of random ascii * values! + * + * The return value is a talloc string with destructor talloc_keep_secret() set. + * The content will be overwritten by zeros when the mem_ctx is destroyed. */ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, size_t max) @@ -349,6 +352,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, frame = talloc_stackframe_pool(2048); state = talloc_zero(frame, struct generate_random_machine_password_state); + talloc_keep_secret(state); diff = max - min; @@ -417,6 +421,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, TALLOC_FREE(frame); return NULL; } + talloc_keep_secret(utf8_pw); ok = convert_string_talloc(frame, CH_UTF16MUNGED, CH_UNIX, @@ -425,6 +430,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, if (!ok) { goto ascii_fallback; } + talloc_keep_secret(unix_pw); if (utf8_len != unix_len) { goto ascii_fallback; @@ -442,6 +448,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min, TALLOC_FREE(frame); return NULL; } + talloc_keep_secret(new_pw); talloc_set_name_const(new_pw, __func__); TALLOC_FREE(frame); return new_pw; @@ -467,6 +474,7 @@ ascii_fallback: TALLOC_FREE(frame); return NULL; } + talloc_keep_secret(new_pw); talloc_set_name_const(new_pw, __func__); TALLOC_FREE(frame); return new_pw; |