From ebfc16723358b4077499edead99a66ef0056ef94 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
Date: Thu, 11 Aug 2022 10:09:00 +0200
Subject: [PATCH] s3:passdb: Zero local memory in secrets_fetch()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/passdb/secrets.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index c8390d5455e..10692d6588b 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -119,6 +119,16 @@ void *secrets_fetch(const char *key, size_t *size)
 	if (result == NULL) {
 		return NULL;
 	}
+	/*
+	 * secrets_fetch() is a generic code and may be used for sensitive data,
+	 * so clear the local dbuf.dptr memory via BURN_PTR_SIZE().
+	 * The future plan is to convert secrets_fetch() to talloc.
+	 * That would improve performance via:
+	 * - avoid smb_memdup() above, instead directly return dbuf.dptr
+	 * - BURN_PTR_SIZE() will be done not here but in the caller and only
+	 *   if the caller asks for sensitive data.
+	 */
+	BURN_PTR_SIZE(dbuf.dptr, dbuf.dsize);
 	TALLOC_FREE(dbuf.dptr);
 
 	if (size) {
-- 
2.34.1