I'm using the Windows credentials store like this:

PCREDENTIAL cred = nullptr;
if (CredRead(entryName, 1, 0, &cred) != TRUE || !cred)
    return -1;

// ... code which handles cred->UserName and cred->CredentialBlob

CredFree(cred);

As you can see, I free the buffer as required. However, I see that the LPBYTE pointer CredentialBlob is still valid and still contains the password in memory. Do I have to SecureZeroMemory it manually and who owns the buffer? I found no other source code which does that...

I haven't found anything; https://msdn.microsoft.com/library/aa919793.aspx contains just the following generic statement:

Clear credential data from memory after use

Do not leave credentials in memory after use. Clear all credential data from temporary storage after use by calling SecureZeroMemory.

MrTux

2 Answers

You own the buffer. The documentation states:

Any pointers contained within the buffer are pointers to locations within this single allocated block.

In an ideal world, CredFree would zero the entire block before freeing it, and it might be worth submitting a suggestion to Microsoft to this effect, but as things stand, your best bet is probably to do the following before calling CredFree:

SecureZeroMemory (cred->CredentialBlob, cred->CredentialBlobSize);
Paul Sanders
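
The wipe-then-free order from the answer above, as an added example that is not part of the original post or of Microsoft's code. `WipeCredentialBlob`, `WipeAndFreeCredential` and `DemoBlobIsWiped` are hypothetical names, and the non-Windows branch holds constructed stand-ins so the logic can be compiled and checked anywhere.

```cpp
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincred.h>
#else
// Constructed stand-ins (assumption) so the sketch also builds off Windows.
typedef unsigned char* LPBYTE;
typedef unsigned long DWORD;
struct CREDENTIAL { DWORD CredentialBlobSize; LPBYTE CredentialBlob; };
typedef CREDENTIAL* PCREDENTIAL;
static void* SecureZeroMemory(void* p, size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;  // volatile stores cannot be optimized away
    return p;
}
static void CredFree(void* p) { free(p); }
#endif

// Hypothetical helper: zero the secret in place; returns the bytes wiped.
size_t WipeCredentialBlob(PCREDENTIAL cred) {
    if (!cred || !cred->CredentialBlob) return 0;
    size_t n = cred->CredentialBlobSize;
    SecureZeroMemory(cred->CredentialBlob, n);
    return n;
}

// Hypothetical helper: call this in place of a bare CredFree(cred).
size_t WipeAndFreeCredential(PCREDENTIAL cred) {
    size_t n = WipeCredentialBlob(cred);
    if (cred) CredFree(cred);
    return n;
}

// Constructed sample: one heap block with the blob right after the struct,
// like CredRead's single allocation; freed with free(), not CredFree.
bool DemoBlobIsWiped() {
    const char secret[] = "hunter2";
    PCREDENTIAL cred = static_cast<PCREDENTIAL>(calloc(1, sizeof(CREDENTIAL) + sizeof secret));
    if (!cred) return false;
    cred->CredentialBlob = reinterpret_cast<LPBYTE>(cred + 1);
    cred->CredentialBlobSize = static_cast<DWORD>(sizeof secret);
    memcpy(cred->CredentialBlob, secret, sizeof secret);
    size_t n = WipeCredentialBlob(cred);
    bool clean = (n == sizeof secret);
    for (size_t i = 0; i < n; ++i) clean = clean && cred->CredentialBlob[i] == 0;
    free(cred);
    return clean;
}
```

Any copy of the blob made while handling the credential (a string, a converted buffer) needs the same wipe, since this only covers the block that CredRead returned.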

However, I see that the LPBYTE pointer CredentialBlob is still valid

How do you determine this? Most likely you are committing UB by reading dead memory.

and still contains the password in memory

This is more concerning but the text you quoted tells you what to do about it.

Lightness Races in Orbit
    I run the debugger and see in the memory view that the CredentialBlob is not zeroed out (or otherwise freed). That should be done explicitly as it might contain sensitive data. – MrTux Dec 31 '18 at 15:41