The branch, master has been updated
via f8892391526 libcli/auth: Zero out password in smbencrypt.c
via 562c2a9b258 auth: Use new data_blob_..._s() functions and remove
talloc_keep_secret()
via f107aad79f0 librpc: Fix trailing white spaces in dcerpc.c
via 78ec0e4f6cd lib/util: Add tests for the new secure
data_blob_..._s() functions
via a8200c985d4 lib/util: Fix trailing white spaces in tests/data_blob.c
via 7e693b55730 lib/util: Avoid overwriting talloc chunk name in
talloc_keep_secret()
via 2ed6217dbce lib/util: Add data_blob_..._s() functions that call
talloc_keep_secret()
via 57eb42a276d lib/util: Move talloc_keep_secret.c from samba-util to
samba-util-core
via eac755badc9 lib/util: Set "PREDEFINED = DOXYGEN" in Doxyfile
via 94fc617a547 lib/util: Change comments to Doxygen in data_blob.h
via e53eba1e696 lib/util: Refactor data_blob.{h,c}
from 9cdc1eaa09a smbtorture: add test "smb.lease.two-leases"
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f88923915269eb4d80e65d89fc6332c20c195985
Author: Pavel Filipenský <[email protected]>
Date: Wed Nov 26 10:34:02 2025 +0100
libcli/auth: Zero out password in smbencrypt.c
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Autobuild-User(master): Pavel Filipensky <[email protected]>
Autobuild-Date(master): Mon Dec 8 18:21:45 UTC 2025 on atb-devel-224
commit 562c2a9b258288cbf3a5b07a9da56b69d0a5d7a2
Author: Pavel Filipenský <[email protected]>
Date: Wed Nov 26 10:34:02 2025 +0100
auth: Use new data_blob_..._s() functions and remove talloc_keep_secret()
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit f107aad79f06f1080e90e8888833e7205438bd7f
Author: Pavel Filipenský <[email protected]>
Date: Wed Nov 26 10:52:43 2025 +0100
librpc: Fix trailing white spaces in dcerpc.c
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 78ec0e4f6cdedc17becdfb8f9e35a5550d85ed04
Author: Pavel Filipenský <[email protected]>
Date: Wed Nov 26 08:06:21 2025 +0100
lib/util: Add tests for the new secure data_blob_..._s() functions
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit a8200c985d4669a36bdad289dd804cb309193e90
Author: Pavel Filipenský <[email protected]>
Date: Tue Nov 25 17:26:15 2025 +0100
lib/util: Fix trailing white spaces in tests/data_blob.c
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 7e693b55730ceba2ef326286a0c68d5d91324a22
Author: Pavel Filipenský <[email protected]>
Date: Wed Nov 26 11:13:50 2025 +0100
lib/util: Avoid overwriting talloc chunk name in talloc_keep_secret()
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 2ed6217dbcef5c345518e9caa90ee33ececbe3f2
Author: Pavel Filipenský <[email protected]>
Date: Wed Dec 3 17:47:57 2025 +0100
lib/util: Add data_blob_..._s() functions that call talloc_keep_secret()
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 57eb42a276d320342972aaf9426a68e07a07fc45
Author: Pavel Filipenský <[email protected]>
Date: Wed Dec 3 19:31:08 2025 +0100
lib/util: Move talloc_keep_secret.c from samba-util to samba-util-core
Needed by future data_blob.h changes. ctdb uses data_blob and links only
samba-util-core.
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit eac755badc95d5974274c859823ca892d57e0a68
Author: Pavel Filipenský <[email protected]>
Date: Fri Nov 28 09:35:49 2025 +0100
lib/util: Set "PREDEFINED = DOXYGEN" in Doxyfile
that will set -DDOXYGEN and code inside #ifdef DOXYGEN is parsed
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 94fc617a5475343b89d3e1bf7743575b923350b6
Author: Pavel Filipenský <[email protected]>
Date: Wed Dec 3 20:52:17 2025 +0100
lib/util: Change comments to Doxygen in data_blob.h
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit e53eba1e6963eb61e98ba208347b8edf4ce7eba3
Author: Pavel Filipenský <[email protected]>
Date: Wed Dec 3 17:47:54 2025 +0100
lib/util: Refactor data_blob.{h,c}
Makes data_blob_talloc_zero() use __location__ of the real caller
Signed-off-by: Pavel Filipenský <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_krb5.c | 3 +-
lib/util/Doxyfile | 1 +
lib/util/data_blob.c | 21 ----
lib/util/data_blob.h | 161 +++++++++++++++++++++++--
lib/util/talloc_keep_secret.c | 1 -
lib/util/tests/data_blob.c | 69 +++++++++--
lib/util/tests/test_talloc_keep_secret.c | 4 -
lib/util/wscript_build | 3 +-
libcli/auth/smbencrypt.c | 2 +-
libcli/smb/smb2_signing.c | 6 +-
source3/passdb/machine_account_secrets.c | 9 +-
source3/rpc_client/cli_pipe.c | 3 +-
source3/smbd/smb1_reply.c | 11 +-
source3/smbd/smb1_sesssetup.c | 12 +-
source3/smbd/smb2_sesssetup.c | 10 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 8 +-
source4/kdc/db-glue.c | 8 +-
source4/librpc/rpc/dcerpc.c | 79 ++++++------
18 files changed, 281 insertions(+), 130 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_krb5.c
b/auth/credentials/credentials_krb5.c
index 8d289e26781..10a474420d7 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -1695,7 +1695,7 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct
cli_credentials *cred,
TALLOC_FREE(frame);
return EINVAL;
}
- *key_blob = data_blob_talloc(mem_ctx,
+ *key_blob = data_blob_talloc_s(mem_ctx,
KRB5_KEY_DATA(&key),
KRB5_KEY_LENGTH(&key));
krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &key);
@@ -1703,7 +1703,6 @@ _PUBLIC_ int cli_credentials_get_kerberos_key(struct
cli_credentials *cred,
TALLOC_FREE(frame);
return ENOMEM;
}
- talloc_keep_secret(key_blob->data);
TALLOC_FREE(frame);
return 0;
diff --git a/lib/util/Doxyfile b/lib/util/Doxyfile
index 02e36a7af93..b71e092c69e 100644
--- a/lib/util/Doxyfile
+++ b/lib/util/Doxyfile
@@ -22,3 +22,4 @@ HTML_OUTPUT = html
GENERATE_MAN = YES
ALWAYS_DETAILED_SEC = YES
JAVADOC_AUTOBRIEF = YES
+PREDEFINED = DOXYGEN
diff --git a/lib/util/data_blob.c b/lib/util/data_blob.c
index 9372612d8a3..12f4173c5e6 100644
--- a/lib/util/data_blob.c
+++ b/lib/util/data_blob.c
@@ -31,15 +31,6 @@ const DATA_BLOB data_blob_null = { NULL, 0 };
* @brief Manipulation of arbitrary data blobs
**/
-/**
- construct a data blob, must be freed with data_blob_free()
- you can pass NULL for p and get a blank data blob
-**/
-_PUBLIC_ DATA_BLOB data_blob_named(const void *p, size_t length, const char
*name)
-{
- return data_blob_talloc_named(NULL, p, length, name);
-}
-
/**
construct a data blob, using supplied TALLOC_CTX
**/
@@ -66,18 +57,6 @@ _PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX
*mem_ctx, const void *p, si
return ret;
}
-/**
- construct a zero data blob, using supplied TALLOC_CTX.
- use this sparingly as it initialises data - better to initialise
- yourself if you want specific data in the blob
-**/
-_PUBLIC_ DATA_BLOB data_blob_talloc_zero(TALLOC_CTX *mem_ctx, size_t length)
-{
- DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, length);
- data_blob_clear(&blob);
- return blob;
-}
-
/**
free a data blob
**/
diff --git a/lib/util/data_blob.h b/lib/util/data_blob.h
index 6577630e592..1196eb52eb1 100644
--- a/lib/util/data_blob.h
+++ b/lib/util/data_blob.h
@@ -33,6 +33,14 @@
#include <talloc.h>
#include <stdbool.h>
#include <stdint.h>
+#include "lib/util/talloc_keep_secret.h"
+
+/**
+ * @defgroup data_blob The data_blob API
+ * @brief The defines the data_blob API and provides function working with it.
+ *
+ * @{
+ */
/* used to hold an arbitrary blob of data */
typedef struct datablob {
@@ -44,27 +52,110 @@ typedef struct datablob {
a fair bit of code */
#define ldb_val datablob
+#ifdef DOXYGEN
+/**
+ * @brief Construct a data blob using a new top level TALLOC_CTX.
+ * You can pass NULL for ptr and get a blank data blob.
+ * Blob must be freed with data_blob_free().
+ */
+DATA_BLOB data_blob(const void *ptr, size_t size);
+#else
#define data_blob(ptr, size) data_blob_named(ptr, size, "DATA_BLOB: "
__location__)
+#endif
+
+#ifdef DOXYGEN
+/**
+ * @brief Construct a data blob using supplied TALLOC_CTX.
+ * You can pass NULL for ptr and get a blank data blob.
+ */
+DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *ptr, size_t size);
+#else
#define data_blob_talloc(ctx, ptr, size) data_blob_talloc_named(ctx, ptr,
size, "DATA_BLOB: " __location__)
+#endif
+
+#ifdef DOXYGEN
+/**
+ * @brief Construct a data blob using supplied TALLOC_CTX.
+ * Data is initialized using provided blob.
+ */
+DATA_BLOB data_blob_dup_talloc(TALLOC_CTX *mem_ctx, DATA_BLOB blob);
+#else
#define data_blob_dup_talloc(ctx, blob) data_blob_talloc_named(ctx,
(blob).data, (blob).length, "DATA_BLOB: " __location__)
+#endif
+#ifdef DOXYGEN
/**
- construct a data blob, must be freed with data_blob_free()
- you can pass NULL for p and get a blank data blob
-**/
-_PUBLIC_ DATA_BLOB data_blob_named(const void *p, size_t length, const char
*name);
+ * @brief Construct a data blob using a new top level TALLOC_CTX.
+ * You can pass NULL for ptr and get a blank data blob.
+ * Blob must be freed with data_blob_free().
+ */
+DATA_BLOB data_blob_named(const void *ptr, size_t size, const char *name);
+#else
+#define data_blob_named(ptr, size, name) \
+ data_blob_talloc_named(NULL, (ptr), (size), name)
+#endif
/**
- construct a data blob, using supplied TALLOC_CTX
-**/
+ * @brief Construct a data blob using supplied TALLOC_CTX and using data
+ * supplied via ptr and length and give it an explicit talloc chunk name.
+ */
+/**
+ * @brief Construct a data blob, using data supplied pointer and length
+ *
+ * @param mem_ctx memory context, if NULL a new top level context is used
+ * @param p pointer to input data, you can pass NULL and get a blank
data
+ * blob
+ * @param length data length
+ * @param name talloc chunk name
+ * @return the blob
+ */
_PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p,
size_t length, const char *name);
+#ifdef DOXYGEN
/**
- construct a zero data blob, using supplied TALLOC_CTX.
- use this sparingly as it initialises data - better to initialise
- yourself if you want specific data in the blob
-**/
-_PUBLIC_ DATA_BLOB data_blob_talloc_zero(TALLOC_CTX *mem_ctx, size_t length);
+ * @brief Construct a data blob using supplied TALLOC_CTX.
+ * Data is initialized with zeros.
+ */
+DATA_BLOB data_blob_talloc_zero(TALLOC_CTX *mem_ctx, size_t size);
+#else
+#define data_blob_talloc_zero(ctx, size) \
+ _data_blob_talloc_zero((ctx), (size), "DATA_BLOB: " __location__)
+#endif
+
+#ifdef DOXYGEN
+/**
+ * @brief Construct a data blob using supplied TALLOC_CTX.
+ * Data is initialized with zeros and zeroed out when freed.
+ */
+DATA_BLOB data_blob_talloc_zero_s(TALLOC_CTX *mem_ctx, size_t size);
+#else
+#define data_blob_talloc_zero_s(ctx, size) \
+ _data_blob_talloc_zero_s((ctx), (size), "DATA_BLOB: " __location__)
+#endif
+
+#ifdef DOXYGEN
+/**
+ * @brief Construct a data blob using supplied TALLOC_CTX.
+ * You can pass NULL for ptr and get a blank data blob.
+ * Data is zeroed out when freed.
+ */
+DATA_BLOB data_blob_talloc_s(TALLOC_CTX *mem_ctx, const void *ptr, size_t
size);
+#else
+#define data_blob_talloc_s(ctx, ptr, size) \
+ _data_blob_talloc_s((ctx), (ptr), (size), "DATA_BLOB: " __location__)
+#endif
+
+#ifdef DOXYGEN
+/**
+ * @brief Construct a data blob using supplied TALLOC_CTX.
+ * Data is initialized using provided blob.
+ * Data is zeroed out when freed.
+ */
+DATA_BLOB data_blob_dup_talloc_s(TALLOC_CTX *mem_ctx, DATA_BLOB blob);
+#else
+#define data_blob_dup_talloc_s(ctx, blob) \
+ _data_blob_dup_talloc_s((ctx), (blob), "DATA_BLOB: " __location__)
+#endif
/**
free a data blob
@@ -81,6 +172,52 @@ free a data blob and clear its contents
**/
_PUBLIC_ void data_blob_clear_free(DATA_BLOB *d);
+static inline DATA_BLOB _data_blob_talloc_zero(TALLOC_CTX *ctx,
+ size_t size,
+ const char *name)
+{
+ DATA_BLOB b = data_blob_talloc_named(ctx, 0, size, name);
+ if (b.data != NULL) {
+ data_blob_clear(&b);
+ }
+ return b;
+}
+
+static inline DATA_BLOB _data_blob_talloc_s(TALLOC_CTX *ctx,
+ const void *p,
+ size_t size,
+ const char *name)
+{
+ DATA_BLOB b = data_blob_talloc_named(ctx, p, size, name);
+ if (b.data != NULL) {
+ talloc_keep_secret(b.data);
+ }
+ return b;
+}
+
+static inline DATA_BLOB _data_blob_talloc_zero_s(TALLOC_CTX *ctx,
+ size_t size,
+ const char *name)
+{
+ DATA_BLOB b = data_blob_talloc_named(ctx, 0, size, name);
+ if (b.data != NULL) {
+ data_blob_clear(&b);
+ talloc_keep_secret(b.data);
+ }
+ return b;
+}
+
+static inline DATA_BLOB _data_blob_dup_talloc_s(TALLOC_CTX *ctx,
+ DATA_BLOB blob,
+ const char *name)
+{
+ DATA_BLOB b = data_blob_talloc_named(ctx, blob.data, blob.length, name);
+ if (b.data != NULL) {
+ talloc_keep_secret(b.data);
+ }
+ return b;
+}
+
/**
check if two data blobs are equal
**/
@@ -141,4 +278,6 @@ _PUBLIC_ bool data_blob_pad(TALLOC_CTX *mem_ctx, DATA_BLOB
*blob,
extern const DATA_BLOB data_blob_null;
+/** @} */ /* data_blob */
+
#endif /* _SAMBA_DATABLOB_H_ */
diff --git a/lib/util/talloc_keep_secret.c b/lib/util/talloc_keep_secret.c
index eb5bb80ff37..c7d66a4d5e7 100644
--- a/lib/util/talloc_keep_secret.c
+++ b/lib/util/talloc_keep_secret.c
@@ -49,6 +49,5 @@ void _talloc_keep_secret(void *ptr, const char *name)
return;
}
- talloc_set_name_const(ptr, name);
talloc_set_destructor(ptr, talloc_keep_secret_destructor);
}
diff --git a/lib/util/tests/data_blob.c b/lib/util/tests/data_blob.c
index e1e8129a259..423d4d1edee 100644
--- a/lib/util/tests/data_blob.c
+++ b/lib/util/tests/data_blob.c
@@ -1,20 +1,20 @@
-/*
+/*
Unix SMB/CIFS implementation.
data blob testing
Copyright (C) Jelmer Vernooij <[email protected]> 2008
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -25,7 +25,7 @@
static bool test_string(struct torture_context *tctx)
{
- DATA_BLOB blob = data_blob_string_const("bla");
+ DATA_BLOB blob = data_blob_string_const("bla");
torture_assert_int_equal(tctx, blob.length, 3, "blob length");
torture_assert_str_equal(tctx, (char *)blob.data, "bla", "blob data");
@@ -35,7 +35,7 @@ static bool test_string(struct torture_context *tctx)
static bool test_string_null(struct torture_context *tctx)
{
- DATA_BLOB blob = data_blob_string_const_null("bla");
+ DATA_BLOB blob = data_blob_string_const_null("bla");
torture_assert_int_equal(tctx, blob.length, 4, "blob length");
torture_assert_str_equal(tctx, (char *)blob.data, "bla", "blob data");
@@ -54,6 +54,58 @@ static bool test_zero(struct torture_context *tctx)
return true;
}
+static bool test_zero_s(struct torture_context *tctx)
+{
+ DATA_BLOB z = data_blob_talloc_zero_s(tctx, 4);
+ int i;
+ uint8_t *p;
+
+ torture_assert_int_equal(tctx, z.length, 4, "length");
+ for (i = 0; i < z.length; i++)
+ torture_assert_int_equal(tctx, z.data[i], 0, "contents");
+ z.data[0] = 'a';
+ p = z.data; /* store pointer that will be freed */
+ torture_assert_int_equal(tctx, *p, 'a', "contents");
+ data_blob_free(&z);
+ /* coverity[use_after_free] */
+ torture_assert_int_equal(tctx, *p, 0, "contents");
+ return true;
+}
+
+static bool test_talloc_s(struct torture_context *tctx)
+{
+ DATA_BLOB z = data_blob_talloc_s(tctx, "hello", 5);
+ int i;
+ uint8_t *p;
+
+ torture_assert_int_equal(tctx, z.length, 5, "length");
+ for (i = 0; i < z.length; i++)
+ torture_assert_int_not_equal(tctx, z.data[i], 0, "data");
+ p = z.data; /* store pointer that will be freed */
+ data_blob_free(&z);
+ for (i = 0; i < 5; i++)
+ /* coverity[use_after_free] */
+ torture_assert_int_equal(tctx, p[i], 0, "data");
+ return true;
+}
+
+static bool test_dup_talloc_s(struct torture_context *tctx)
+{
+ DATA_BLOB b = data_blob_string_const("abcd");
+ DATA_BLOB z = data_blob_dup_talloc_s(tctx, b);
+ int i;
+ uint8_t *p;
+
+ torture_assert_int_equal(tctx, z.length, 4, "length");
+ for (i = 0; i < b.length; i++)
+ torture_assert_int_equal(tctx, z.data[i], b.data[i], "data");
+ p = z.data; /* store pointer that will be freed */
+ data_blob_free(&z);
+ for (i = 0; i < b.length; i++)
+ /* coverity[use_after_free] */
+ torture_assert_int_equal(tctx, p[i], 0, "data");
+ return true;
+}
static bool test_clear(struct torture_context *tctx)
{
@@ -160,7 +212,10 @@ struct torture_suite
*torture_local_util_data_blob(TALLOC_CTX *mem_ctx)
torture_suite_add_simple_test(suite, "string", test_string);
torture_suite_add_simple_test(suite, "string_null", test_string_null);
- torture_suite_add_simple_test(suite, "zero", test_zero);;
+ torture_suite_add_simple_test(suite, "zero", test_zero);
+ torture_suite_add_simple_test(suite, "zero_s", test_zero_s);
+ torture_suite_add_simple_test(suite, "talloc_s", test_talloc_s);
+ torture_suite_add_simple_test(suite, "dup_s", test_dup_talloc_s);
torture_suite_add_simple_test(suite, "clear", test_clear);
torture_suite_add_simple_test(suite, "cmp", test_cmp);
torture_suite_add_simple_test(suite, "equal_const_time",
test_equal_const_time);
diff --git a/lib/util/tests/test_talloc_keep_secret.c
b/lib/util/tests/test_talloc_keep_secret.c
index 66c3f7f3e7a..7c39431694d 100644
--- a/lib/util/tests/test_talloc_keep_secret.c
+++ b/lib/util/tests/test_talloc_keep_secret.c
@@ -24,7 +24,6 @@ static void test_talloc_keep_secret(void ** state)
TALLOC_CTX *pool = NULL;
char *ptr1 = NULL;
char *ptr2 = NULL;
- const char *ptr1_talloc_name = NULL;
size_t ptr1_size;
size_t i;
@@ -37,9 +36,6 @@ static void test_talloc_keep_secret(void ** state)
talloc_keep_secret(ptr1);
- ptr1_talloc_name = talloc_get_name(ptr1);
- assert_string_equal(ptr1_talloc_name, "ptr1");
-
ptr1_size = talloc_get_size(ptr1);
assert_int_equal(ptr1_size, strlen(ptr1) + 1);
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 9dff0e8925d..21a94f60cac 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -92,6 +92,7 @@ bld.SAMBA_SUBSYSTEM('smb-panic',
bld.SAMBA_SUBSYSTEM('samba-util-core',
source='''
data_blob.c
+ talloc_keep_secret.c
util_file.c
sys_popen.c
time.c
@@ -198,7 +199,6 @@ else:
server_id.c
smb_threads.c
system.c
- talloc_keep_secret.c
talloc_stack.c
tevent_debug.c
tfork.c
@@ -235,6 +235,7 @@ else:
fault.h
genrand.h
tfork.h
+ talloc_keep_secret.h
''',
header_path= [ ('dlinklist.h samba_util.h', '.'), ('*',
'util') ],
local_include=False,
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 03195855e92..b130c0abe34 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -1472,7 +1472,7 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
new_password.length,
pp_new_pwrd,
new_pw_len);
- data_blob_free(&new_password);
+ data_blob_clear_free(&new_password);
if (!ok) {
DBG_ERR("Failed to convert incoming password\n");
return false;
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 94ff51f2e93..e313b627ea8 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -120,12 +120,11 @@ NTSTATUS smb2_signing_key_copy(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
- dst->blob = data_blob_talloc_zero(dst, src->blob.length);
+ dst->blob = data_blob_talloc_zero_s(dst, src->blob.length);
if (dst->blob.length == 0) {
TALLOC_FREE(dst);
return NT_STATUS_NO_MEMORY;
}
- talloc_keep_secret(dst->blob.data);
memcpy(dst->blob.data, src->blob.data, dst->blob.length);
*_dst = dst;
@@ -243,12 +242,11 @@ static NTSTATUS smb2_signing_key_create(TALLOC_CTX
*mem_ctx,
return NT_STATUS_OK;
}
- key->blob = data_blob_talloc_zero(key, out_key_length);
+ key->blob = data_blob_talloc_zero_s(key, out_key_length);
if (key->blob.length == 0) {
TALLOC_FREE(key);
return NT_STATUS_NO_MEMORY;
}
- talloc_keep_secret(key->blob.data);
memcpy(key->blob.data,
master_key->data,
MIN(key->blob.length, master_key->length));
diff --git a/source3/passdb/machine_account_secrets.c
b/source3/passdb/machine_account_secrets.c
index 525092b2e1a..13a4ba45283 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1071,7 +1071,7 @@ static int secrets_domain_info_kerberos_keys(struct
secrets_domain_info1_passwor
return ENOMEM;
--
Samba Shared Repository
