explicit_bzero for sslpassword

Started by Daniel Gustafssonalmost 6 years ago4 messageshackers

daniel@yesql.se

almost 6 years ago

Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
password in libpq, but not sslpassword which seems an oversight. The attached
performs an explicit_bzero before freeing like the pattern for other password
variables.

cheers ./daniel

Michael Paquier

michael@paquier.xyz

almost 6 years ago

In reply to: Daniel Gustafsson (#1)

Re: explicit_bzero for sslpassword

On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:

Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
password in libpq, but not sslpassword which seems an oversight. The attached
performs an explicit_bzero before freeing like the pattern for other password
variables.

Good catch, let's fix that. I would like to apply your suggested fix,
but let's see first if others have any comments.
--
Michael

Peter Eisentraut

peter_e@gmx.net

almost 6 years ago

In reply to: Michael Paquier (#2)

Re: explicit_bzero for sslpassword

On 2020-05-20 07:56, Michael Paquier wrote:

On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:

Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
password in libpq, but not sslpassword which seems an oversight. The attached
performs an explicit_bzero before freeing like the pattern for other password
variables.

Good catch, let's fix that. I would like to apply your suggested fix,
but let's see first if others have any comments.

Looks correct to me.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Michael Paquier

michael@paquier.xyz

almost 6 years ago

In reply to: Peter Eisentraut (#3)

Re: explicit_bzero for sslpassword

On Wed, May 20, 2020 at 10:06:55AM +0200, Peter Eisentraut wrote:

Looks correct to me.

Thanks for confirming, Peter. Got this one applied.
--
Michael

explicit_bzero for sslpassword

Attachments: