credui: Make sure not to leave the password in memory when no longer in use.

dlls/credui/credui_main.c

@@ -79,6 +79,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
 
             HeapFree(GetProcessHeap(), 0, entry->pszTargetName);
             HeapFree(GetProcessHeap(), 0, entry->pszUsername);
+            ZeroMemory(entry->pszPassword, (strlenW(entry->pszPassword) + 1) * sizeof(WCHAR));
             HeapFree(GetProcessHeap(), 0, entry->pszPassword);
             HeapFree(GetProcessHeap(), 0, entry);
         }
@@ -387,6 +388,7 @@ DWORD WINAPI CredUIPromptForCredentialsW(PCREDUI_INFOW pUIInfo,
                 {
                     found = TRUE;
                     HeapFree(GetProcessHeap(), 0, entry->pszUsername);
+                    ZeroMemory(entry->pszPassword, (strlenW(entry->pszPassword) + 1) * sizeof(WCHAR));
                     HeapFree(GetProcessHeap(), 0, entry->pszPassword);
                 }
 
@@ -447,6 +449,7 @@ DWORD WINAPI CredUIConfirmCredentialsW(PCWSTR pszTargetName, BOOL bConfirm)
 
             HeapFree(GetProcessHeap(), 0, entry->pszTargetName);
             HeapFree(GetProcessHeap(), 0, entry->pszUsername);
+            ZeroMemory(entry->pszPassword, (strlenW(entry->pszPassword) + 1) * sizeof(WCHAR));
             HeapFree(GetProcessHeap(), 0, entry->pszPassword);
             HeapFree(GetProcessHeap(), 0, entry);