Full_Name: Alan Cronin Version: 2.4.44 OS: Windows 8.1 URL: https://dl.dropboxusercontent.com/u/82343475/SecurelyEraseBuffer.diff Submission from: (NULL) (2001:420:4041:2003:f942:59a5:545f:b334)

The following patch is a modification to the OpenLDAP BerElement buffer. The buffer can be used to contain the LDAP request including the password for authentication. While this is free'd when it is no longer needed, the contents of the buffer is not overwritten from memory. This can lead to someone reading the memory of the process and determining what the password is. The change included in this patch will iterate over the memory and clear it. This will remove any trace of the password by the time execution is handed back to the caller.

The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Alan Cronin alcronin@cisco.com. I have not assigned rights and/or interest in this work to any party. The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Cisco Systems, Inc.. Cisco Systems, Inc. has not assigned rights and/or interest in this work to any party. I, Alan Cronin am authorized by Cisco Systems, Inc., my employer, to release this work under the following terms. Cisco Systems, Inc. hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.