From d08afb78d18df23a46d19c92f0f7f22e6b96a72d Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Mon, 15 Dec 2008 17:39:21 +0000
Subject: [PATCH] * setpwd.cc (client_request_setpwd::serve): Explicitely erase password buffer content after usage.
---
 winsup/cygserver/ChangeLog | 5 +++++
 winsup/cygserver/setpwd.cc | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/winsup/cygserver/ChangeLog b/winsup/cygserver/ChangeLog
index 0ba9e4685..04054741b 100644
--- a/winsup/cygserver/ChangeLog
+++ b/winsup/cygserver/ChangeLog
@@ -1,3 +1,8 @@
+2008-12-15 Corinna Vinschen
+
+ * setpwd.cc (client_request_setpwd::serve): Explicitely erase password
+ buffer content after usage.
+
 2008-11-26 Corinna Vinschen
 
 * Makefile.in (OBJS): Add setpwd.o.
diff --git a/winsup/cygserver/setpwd.cc b/winsup/cygserver/setpwd.cc
index 39989f86a..70d96cd57 100644
--- a/winsup/cygserver/setpwd.cc
+++ b/winsup/cygserver/setpwd.cc
@@ -90,6 +90,8 @@ client_request_setpwd::serve (transport_layer_base *const conn,
 RtlAppendUnicodeStringToString (&key, &sid);
 RtlInitUnicodeString (&data, _parameters.in.passwd);
 status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL);
+ if (data.Length)
+ memset (data.Buffer, 0, data.Length);
 if (NT_SUCCESS (status))
 error_code (0);
 else
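Review bot: The added `memset (data.Buffer, 0, data.Length);` is a plain store that an optimizer may drop if it can prove the buffer is not read again, and it clears only the bytes up to the first NUL of the password rather than the whole field. `data.Buffer` is set by `RtlInitUnicodeString` to point at `_parameters.in.passwd` itself, so wiping that member directly with a non-elidable primitive is more robust, e.g. `RtlSecureZeroMemory (_parameters.in.passwd, sizeof _parameters.in.passwd);` (assuming `passwd` is a fixed-size array; its declaration is not in this hunk). That form also drops the need for the `if (data.Length)` guard. The body of `serve` starts and ends outside the hunk, so it is worth checking that earlier error returns do not leave the password in the request buffer unwiped.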