From 6798f591bd887f20ddb63b39bad50a28a327cdea Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Thu, 23 Apr 2026 16:45:21 +0200 Subject: [PATCH] security: clear RAOP password from memory before freeing Information Disclosure: Medium The RAOP authentication password was freed without first clearing the memory contents. This leaves the plaintext password in freed heap memory where it could be recovered by an attacker with access to process memory (e.g. via /proc/pid/mem, core dumps, or a separate memory safety vulnerability). Use explicit_bzero() to securely clear the password before freeing. Co-Authored-By: Claude Opus 4.6 --- src/modules/module-raop-sink.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/modules/module-raop-sink.c b/src/modules/module-raop-sink.c index b1becba9d..593352b80 100644 --- a/src/modules/module-raop-sink.c +++ b/src/modules/module-raop-sink.c @@ -1671,7 +1671,10 @@ static void impl_destroy(struct impl *impl) pw_properties_free(impl->headers); pw_properties_free(impl->stream_props); pw_properties_free(impl->props); - free(impl->password); + if (impl->password) { + explicit_bzero(impl->password, strlen(impl->password)); + free(impl->password); + } free(impl); }
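Review bot: the explicit_bzero() added in impl_destroy() scrubs only the heap copy in impl->password, while the pw_properties_free(impl->props) call three lines above it still frees the property store without clearing anything; if impl->password was populated from a module property (the usual source for a RAOP sink password), that second plaintext copy stays in freed heap memory in exactly the way the commit message describes, so either scrub the property value before pw_properties_free(impl->props) or state in the commit message why that copy is out of scope. Two smaller points on the same hunk: explicit_bzero() is a glibc 2.25+/BSD/musl extension rather than ISO C, and this patch adds no build-system probe or fallback (the stat line shows only module-raop-sink.c touched), so confirm the project already checks for it or wrap the call in a HAVE_EXPLICIT_BZERO guard with a volatile-memset fallback; and strlen(impl->password) as the length is correct only because the password is a NUL-terminated string whose allocation is exactly the string length, which holds for a strdup()'d value but would under-clear if the buffer were ever allocated larger than the string, so a comment noting that assumption next to the call would help the next reader.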