s3:auth: Zero memory in sam_password_ok()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

source3/auth/check_samsec.c

@@ -81,19 +81,20 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
 			if (nt_pw) {
 				*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
 				if (!user_sess_key->data) {
-					return NT_STATUS_NO_MEMORY;
+					status = NT_STATUS_NO_MEMORY;
+					goto done;
 				}
 				SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
 			}
 		}
-		return status;
+		break;
 
 	/* Eventually we should test plaintext passwords in their own
 	 * function, not assuming the caller has done a
 	 * mapping */
 	case AUTH_PASSWORD_PLAIN:
 	case AUTH_PASSWORD_RESPONSE:
-		return ntlm_password_check(mem_ctx, lp_lanman_auth(),
+		status = ntlm_password_check(mem_ctx, lp_lanman_auth(),
 					   lp_ntlm_auth(),
 					   user_info->logon_parameters,
 					   challenge,
@@ -104,10 +105,15 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
 					   lm_hash,
 					   nt_hash,
 					   user_sess_key, lm_sess_key);
+		break;
 	default:
 		DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n", username, user_info->password_state));
-		return NT_STATUS_INTERNAL_ERROR;
+		status = NT_STATUS_INTERNAL_ERROR;
 	}
+done:
+	ZERO_STRUCTP(lm_hash);
+	ZERO_STRUCTP(nt_hash);
+	return status;
 }
 
 /****************************************************************************