From a5d57a04c2e515212cc1f2b51c9a02acb33a79ba Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 31 Aug 2012 11:19:54 +1000
Subject: auth/credentials: Do not print passwords in a talloc memory dump

The fact that a password was created here is enough information, so
overwrite with the function name and line.

Andrew Bartlett
---
 auth/credentials/credentials.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'auth')

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 05f0a624db..e6361239e9 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -371,6 +371,10 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
 {
 	if (obtained >= cred->password_obtained) {
 		cred->password = talloc_strdup(cred, val);
+		if (cred->password) {
+			/* Don't print the actual password in talloc memory dumps */
+			talloc_set_name_const(cred->password, "password set via cli_credentials_set_password");
+		}
 		cred->password_obtained = obtained;
 		cli_credentials_invalidate_ccache(cred, cred->password_obtained);
 
@@ -416,6 +420,10 @@ _PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
 				      enum credentials_obtained obtained)
 {
 	cred->old_password = talloc_strdup(cred, val);
+	if (cred->old_password) {
+		/* Don't print the actual password in talloc memory dumps */
+		talloc_set_name_const(cred->old_password, "password set via cli_credentials_set_old_password");
+	}
 	return true;
 }
 
-- 
cgit