From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Tue, 19 Jun 2012 01:49:18 +0000 (-0400)
Subject: Windows: NPLogonNotify secure erase password
X-Git-Tag: upstream/1.6.2_pre2^2~48
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=bff302b604f46b9ee18c4decbfdb00008d7a570e;p=packages%2Fo%2Fopenafs.git

Windows: NPLogonNotify secure erase password

The user's password is copied during the NPLogonNotify
processing, be sure to erase it from the stack before the
function completes.

Reviewed-on: http://gerrit.openafs.org/7632
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 187af8d11350c2ff509244f216c72bdd4b88451a)

Change-Id: I40f52324067597e4eb96bfd7ed19f18e154ef8ee
Reviewed-on: http://gerrit.openafs.org/8632
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index 16f98d895..8f2d72389 100644
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -1190,6 +1190,8 @@ DWORD APIENTRY NPLogonNotify(
     if (opt.smbName) free(opt.smbName);
     if (opt.realm) free(opt.realm);
 
+    SecureZeroMemory(password, sizeof(password));
+
     DebugEvent("AFS AfsLogon - Exit","Return Code[%x]",code);
     return code;
 }