Missing credentials BLOB sanitizing added

2016-10-17 13:18:54 +02:00 · 2016-10-17 13:18:54 +02:00 · af2d0fde1f
commit af2d0fde1f
parent 31f4ec4b93
1 changed files with 3 additions and 1 deletions
--- a/lib/EAPMsg/src/Credentials.cpp
+++ b/lib/EAPMsg/src/Credentials.cpp
@ -301,9 +301,11 @@ eap::credentials::source_t eap::credentials_eapmsg::combine(
            // Inner EAP method provided identity and does not require additional UI prompt.
            m_identity = identity.get();
            m_cred_blob.assign(cred_data.get(), cred_data.get() + cred_data_size);
+            SecureZeroMemory(cred_data.get(), cred_data_size);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_EAPMSG, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
            return source_lower;
-        }
+        } else
+            SecureZeroMemory(cred_data.get(), cred_data_size);
    } else if (error) {
        // An EAP error in inner EAP method occurred.
        m_module.log_error(error.get());