From 3d29861e86e2044dc4dfbf6f2615c3e567c7a4f6 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Wed, 14 May 2014 21:29:38 +0200
Subject: Clear buffers before free-ing

This clears most buffers that may hold credentials at one point before
free()ing the memory.
---
 nslcd/myldap.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'nslcd/myldap.c')

diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 78968ae..7babe0e 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -318,6 +318,7 @@ static MYLDAP_SESSION *myldap_session_new(void)
   for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++)
     session->searches[i] = NULL;
   session->binddn[0] = '\0';
+  memset(session->bindpw, 0, sizeof(session->bindpw));
   session->bindpw[0] = '\0';
   session->policy_response = NSLCD_PAM_SUCCESS;
   session->policy_message[0] = '\0';
@@ -1195,6 +1196,7 @@ void myldap_session_close(MYLDAP_SESSION *session)
   /* close any open connections */
   do_close(session);
   /* free allocated memory */
+  memset(session->bindpw, 0, sizeof(session->bindpw));
   free(session);
 }
 
-- 
cgit v1.2.3