Clear security sensitive data As password is sensitive data Clear after use. Tested: Verified using ipmitool commands Command: ipmitool user set password 5 asdf1234 //Set user password Response: Set User Password command successful (user 5) Command: ipmitool raw 6 0x47 5 2 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63 0x31 0 0 0 0 0 0 0 0 //set user password - set password Response: //Success Command: ipmitool raw 6 0x47 5 3 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63 0x31 0 0 0 0 0 0 0 0 //set user password - test password Response: //Success Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: I06196233ac5468534bd10fd34f99f7d35fd7b971

commit: 70bd0635acd98d409577e6faee774970118053f2 [log] [tgz]
author: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Fri Oct 23 06:24:55 2020 +0000
committer: Vernon Mauery <vernon.mauery@linux.intel.com> Fri Jan 15 23:53:06 2021 +0000
tree: 298c66f30bc81e3e3d9b3a323388951c56b3c5fa
parent: 0213f901e3845c3b8a8e17c5d0402646b1f43cc8 [diff] [blame]
diff --git a/user_channel/user_mgmt.cpp b/user_channel/user_mgmt.cpp
index e1e21c9..04eb2f9 100644
--- a/user_channel/user_mgmt.cpp
+++ b/user_channel/user_mgmt.cpp

@@ -737,6 +737,8 @@
                   maxIpmi20PasswordSize);
 
     int retval = pamUpdatePasswd(userName.c_str(), passwd.c_str());
+    // Clear sensitive data
+    OPENSSL_cleanse(&passwd, passwd.length());
 
     switch (retval)
     {
commit	70bd0635acd98d409577e6faee774970118053f2	[log] [tgz]
author	Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>	Fri Oct 23 06:24:55 2020 +0000
committer	Vernon Mauery <vernon.mauery@linux.intel.com>	Fri Jan 15 23:53:06 2021 +0000
tree	298c66f30bc81e3e3d9b3a323388951c56b3c5fa
parent	0213f901e3845c3b8a8e17c5d0402646b1f43cc8 [diff] [blame]