From a5d57a04c2e515212cc1f2b51c9a02acb33a79ba Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 31 Aug 2012 11:19:54 +1000 Subject: auth/credentials: Do not print passwords in a talloc memory dump The fact that a password was created here is enough information, so overwrite with the function name and line. Andrew Bartlett --- auth/credentials/credentials.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'auth') diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 05f0a624db..e6361239e9 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -371,6 +371,10 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, { if (obtained >= cred->password_obtained) { cred->password = talloc_strdup(cred, val); + if (cred->password) { + /* Don't print the actual password in talloc memory dumps */ + talloc_set_name_const(cred->password, "password set via cli_credentials_set_password"); + } cred->password_obtained = obtained; cli_credentials_invalidate_ccache(cred, cred->password_obtained); @@ -416,6 +420,10 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred, enum credentials_obtained obtained) { cred->old_password = talloc_strdup(cred, val); + if (cred->old_password) { + /* Don't print the actual password in talloc memory dumps */ + talloc_set_name_const(cred->old_password, "password set via cli_credentials_set_old_password"); + } return true; } -- cgit