diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2014-03-06 21:02:18 +0400 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2014-03-06 21:02:18 +0400 |
commit | 722c840b35178adc5b5ad438334a04723cc624ac (patch) | |
tree | d0122310fc7d59aa09a58f8014394923571e1b9b /winsup/cygserver | |
parent | b8b4455f8fb53971c4001083404968f983e6df47 (diff) |
* setpwd.cc (client_request_setpwd::serve): Use RtlSecureZeroMemory to
delete password from memory.
Diffstat (limited to 'winsup/cygserver')
-rw-r--r-- | winsup/cygserver/ChangeLog | 5 | ||||
-rw-r--r-- | winsup/cygserver/setpwd.cc | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog index 5a4975746..02593fdbb 100644 --- a/winsup/cygserver/ChangeLog +++ b/winsup/cygserver/ChangeLog @@ -1,3 +1,8 @@ +2014-03-06 Corinna Vinschen <corinna@vinschen.de> + + * setpwd.cc (client_request_setpwd::serve): Use RtlSecureZeroMemory to + delete password from memory. + 2013-11-06 Christopher Faylor <me.cygwin2013@cgf.cx> * configure.ac: Detect windows headers/libs after we've figured out the diff --git a/winsup/cygserver/setpwd.cc b/winsup/cygserver/setpwd.cc index 8125fd25a..4f996d3b5 100644 --- a/winsup/cygserver/setpwd.cc +++ b/winsup/cygserver/setpwd.cc @@ -1,6 +1,6 @@ /* setpwd.cc: Set LSA private data password for current user. - Copyright 2008 Red Hat, Inc. + Copyright 2008, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -91,7 +91,7 @@ client_request_setpwd::serve (transport_layer_base *const conn, RtlInitUnicodeString (&data, _parameters.in.passwd); status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL); if (data.Length) - memset (data.Buffer, 0, data.Length); + RtlSecureZeroMemory (data.Buffer, data.Length); /* Success or we're trying to remove a password entry which doesn't exist. */ if (NT_SUCCESS (status) || (data.Length == 0 && status == STATUS_OBJECT_NAME_NOT_FOUND)) |