Windows: NPLogonNotify secure erase password

The user's password is copied during the NPLogonNotify
processing, be sure to erase it from the stack before the
function completes.

Change-Id: Ib600f5656f7b32628e7105336ff0ffef8f15272f
Reviewed-on: http://gerrit.openafs.org/7632
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index ab7cbfbe944d3aad9b86bace610557ae56307b2d..0138c62ce35a8a02bed9590ff247257c3a700897 100644 (file)
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -1205,6 +1205,8 @@ NPLogonNotify(
     if (opt.smbName) free(opt.smbName);
     if (opt.realm) free(opt.realm);
 
+    SecureZeroMemory(password, sizeof(password));
+
     DebugEvent("AFS AfsLogon - Exit","Return Code[%x]",code);
     return code;
 }