From c97186ae96d4835841b02d377a9002d078a6f83b Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Mon, 26 Sep 2016 07:56:26 +0200
Subject: Ensure sensitive memory is correctly erased.

---
 DcsCfg/DcsCfgCrypt.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'DcsCfg')

diff --git a/DcsCfg/DcsCfgCrypt.c b/DcsCfg/DcsCfgCrypt.c
index d031dcb..4b700b6 100644
--- a/DcsCfg/DcsCfgCrypt.c
+++ b/DcsCfg/DcsCfgCrypt.c
@@ -163,7 +163,14 @@ ChangePassword(
 		ZeroMem(&newPassword, sizeof(newPassword));
 		ZeroMem(&confirmPassword, sizeof(newPassword));
 		VCAskPwd(AskPwdNew, &newPassword);
+		if (gAuthPwdCode == AskPwdRetCancel) {
+			return EFI_NOT_READY;
+		}
 		VCAskPwd(AskPwdConfirm, &confirmPassword);
+		if (gAuthPwdCode == AskPwdRetCancel) {
+			burn(&newPassword, sizeof(newPassword));
+			return EFI_NOT_READY;
+		}
 		if (newPassword.Length == confirmPassword.Length) {
 			if (CompareMem(newPassword.Text, confirmPassword.Text, confirmPassword.Length) == 0) {
 				break;
@@ -191,6 +198,10 @@ ChangePassword(
 		cryptoInfo->HeaderFlags,
 		cryptoInfo->SectorSize,
 		FALSE);
+		
+		
+	burn(&newPassword, sizeof(newPassword));
+	burn(&confirmPassword, sizeof(confirmPassword));
 
 	if (vcres != 0) {
 		ERR_PRINT(L"header create error(%x)\n", vcres);
-- 
cgit v1.2.3