Resolving concerns of the security team. Fixes: https://bugs.launchpad.net/bugs/1039634. Approved by Albert Astals Cid, jenkins.

1 files changed, 11 insertions, 4 deletions

diff --git a/src/freerdp-auth-check.c b/src/freerdp-auth-check.c
index d50833b..e5e9d13 100644
--- a/src/freerdp-auth-check.c
+++ b/src/freerdp-auth-check.c
@@ -60,6 +60,10 @@ main (int argc, char * argv[])
 		return -1;
 	}
 
+	if (mlock(password, sizeof(password)) != 0) {
+		return -1;
+	}
+
 	freerdp_channels_global_init();
 
 	freerdp * instance = freerdp_new();
@@ -77,7 +81,6 @@ main (int argc, char * argv[])
 	instance->settings->username = argv[2];
 	instance->settings->domain = argv[3];
 	instance->settings->password = password;
-	instance->settings->ignore_certificate = true;
 
 	char * colonloc = strstr(argv[1], ":");
 	if (colonloc != NULL) {
@@ -88,10 +91,14 @@ main (int argc, char * argv[])
 		instance->settings->port = strtoul(colonloc, NULL, 10);
 	}
 
+	int retval = -1;
 	if (freerdp_connect(instance)) {
 		freerdp_disconnect(instance);
-		return 0;
-	} else {
-		return -1;
+		retval = 0;
 	}
+
+	memset(password, 0, sizeof(password));
+	munlock(password, sizeof(password));
+
+	return retval;
 }