Clear security sensitive data
As password is sensitive data Clear after use.
Tested:
Verified using ipmitool commands
Command: ipmitool user set password 5 asdf1234 //Set user password
Response: Set User Password command successful (user 5)
Command: ipmitool raw 6 0x47 5 2 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63
0x31 0 0 0 0 0 0 0 0 //set user password - set password
Response: //Success
Command: ipmitool raw 6 0x47 5 3 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63
0x31 0 0 0 0 0 0 0 0 //set user password - test password
Response: //Success
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I06196233ac5468534bd10fd34f99f7d35fd7b971
diff --git a/user_channel/user_mgmt.cpp b/user_channel/user_mgmt.cpp
index e1e21c9..04eb2f9 100644
--- a/user_channel/user_mgmt.cpp
+++ b/user_channel/user_mgmt.cpp
@@ -737,6 +737,8 @@
maxIpmi20PasswordSize);
int retval = pamUpdatePasswd(userName.c_str(), passwd.c_str());
+ // Clear sensitive data
+ OPENSSL_cleanse(&passwd, passwd.length());
switch (retval)
{