From 7360cb638af42da13658c24a31790651664d2da9 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Tue, 7 Jul 2015 13:08:39 +0200
Subject: [PATCH] Erasing memory on credentials or SecBuffer free.

---
 winpr/libwinpr/sspi/sspi_winpr.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/winpr/libwinpr/sspi/sspi_winpr.c b/winpr/libwinpr/sspi/sspi_winpr.c
index 3b3618317..3f95526f1 100644
--- a/winpr/libwinpr/sspi/sspi_winpr.c
+++ b/winpr/libwinpr/sspi/sspi_winpr.c
@@ -228,9 +228,28 @@ SSPI_CREDENTIALS* sspi_CredentialsNew()
 
 void sspi_CredentialsFree(SSPI_CREDENTIALS* credentials)
 {
+	size_t userLength;
+	size_t domainLength;
+	size_t passwordLength;
+
 	if (!credentials)
 		return;
 
+	userLength = credentials->identity.UserLength;
+	domainLength = credentials->identity.DomainLength;
+	passwordLength = credentials->identity.PasswordLength;
+
+	if (credentials->identity.Flags & SEC_WINNT_AUTH_IDENTITY_UNICODE)
+	{
+		userLength *= 2;
+		domainLength *= 2;
+		passwordLength *= 2;
+	}
+
+	memset(credentials->identity.User, 0, userLength);
+	memset(credentials->identity.Domain, 0, domainLength);
+	memset(credentials->identity.Password, 0, passwordLength);
+
 	free(credentials->identity.User);
 	free(credentials->identity.Domain);
 	free(credentials->identity.Password);
@@ -256,6 +275,7 @@ void sspi_SecBufferFree(PSecBuffer SecBuffer)
 	if (!SecBuffer)
 		return;
 
+	memset(SecBuffer->pvBuffer, 0, SecBuffer->cbBuffer);
 	free(SecBuffer->pvBuffer);
 	SecBuffer->pvBuffer = NULL;
 	SecBuffer->cbBuffer = 0;