From af2d0fde1f9777477170fb2291f14c75ace24ed5 Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Mon, 17 Oct 2016 13:18:54 +0200
Subject: [PATCH] Missing credentials BLOB sanitizing added

---
 lib/EAPMsg/src/Credentials.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/EAPMsg/src/Credentials.cpp b/lib/EAPMsg/src/Credentials.cpp
index 43a6cd1..23f7036 100644
--- a/lib/EAPMsg/src/Credentials.cpp
+++ b/lib/EAPMsg/src/Credentials.cpp
@@ -301,9 +301,11 @@ eap::credentials::source_t eap::credentials_eapmsg::combine(
             // Inner EAP method provided identity and does not require additional UI prompt.
             m_identity = identity.get();
             m_cred_blob.assign(cred_data.get(), cred_data.get() + cred_data_size);
+            SecureZeroMemory(cred_data.get(), cred_data_size);
             m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_EAPMSG, event_data((unsigned int)cfg.get_method_id()), event_data(get_name()), event_data(pszTargetName), event_data::blank);
             return source_lower;
-        }
+        } else
+            SecureZeroMemory(cred_data.get(), cred_data_size);
     } else if (error) {
         // An EAP error in inner EAP method occurred.
         m_module.log_error(error.get());