explicit_bzero for sslpassword
Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
password in libpq, but not sslpassword which seems an oversight. The attached
performs an explicit_bzero before freeing like the pattern for other password
variables.
cheers ./daniel
Attachment: sslpassword_bzero.patch
From 3163f0412b54101b7669169a73c926df1f39f467 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Sun, 17 May 2020 04:43:45 +0200
Subject: [PATCH] Make sure to zero out password storage
Commit 74a308cf5221f introduced explicit_bzero for use on password
storage and other sensitive pieces of memory before freeing. Make
sure to use it on sslpassword as well.
---
src/interfaces/libpq/fe-connect.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index d5da6dce1e..ae4a32e45b 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -4037,7 +4037,10 @@ freePGconn(PGconn *conn)
if (conn->sslkey)
free(conn->sslkey);
if (conn->sslpassword)
+ {
+ explicit_bzero(conn->sslpassword, strlen(conn->sslpassword));
free(conn->sslpassword);
+ }
if (conn->sslrootcert)
free(conn->sslrootcert);
if (conn->sslcrl)
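Review bot: the scrub length in the added explicit_bzero call is strlen(conn->sslpassword), computed on the secret itself, so it clears every byte of the password text but stops at the first NUL and leaves the terminator untouched; that is the right choice for a NUL-terminated heap string and matches the pattern the commit message references for the other password fields, but a one-line comment above the call (or a sentence in the commit message) saying that the length is intentionally the string length rather than the allocation size would save the next reader from wondering whether a fixed-size buffer could leave a tail unscrubbed.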
--
2.21.1 (Apple Git-122.3)
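The pattern the patch applies, scrubbing a password before free() so a plain dead-store memset cannot be optimised away, as an added stand-alone example that is not libpq's code; the helper names (scrub_bytes, free_secret_string, scrub_leaves_all_zero) and the sample password are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Call memset() through a volatile function pointer so the compiler cannot
 * prove the store is dead and drop it. This is the same idea as libc's
 * explicit_bzero() / C11 memset_s(); it is a hypothetical stand-in, not
 * PostgreSQL's src/port implementation.
 */
static void *(*volatile memset_vp)(void *, int, size_t) = memset;

static void scrub_bytes(void *buf, size_t len)
{
    if (buf != NULL && len > 0)
        (*memset_vp)(buf, 0, len);
}

/* The freePGconn pattern: zero a NUL-terminated password, then free it. */
static void free_secret_string(char *secret)
{
    if (secret == NULL)
        return;
    /* strlen() clears the password text, not the terminating NUL */
    scrub_bytes(secret, strlen(secret));
    free(secret);
}

/* Self-check: copy a constructed password, scrub it, report 1 if all zero. */
static int scrub_leaves_all_zero(const char *sample)
{
    size_t len = strlen(sample);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return 0;
    memcpy(copy, sample, len + 1);
    scrub_bytes(copy, len);
    int clean = 1;
    for (size_t i = 0; i < len; i++)
        if (copy[i] != 0)
            clean = 0;
    free(copy);
    return clean;
}

int main(void)
{
    char *pw = malloc(32);
    if (pw == NULL)
        return 1;
    strcpy(pw, "constructed-passphrase");
    free_secret_string(pw);          /* secret is gone before free() */
    return scrub_leaves_all_zero("hunter2") ? 0 : 1;
}
```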
On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:
> Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
> password in libpq, but not sslpassword which seems an oversight. The attached
> performs an explicit_bzero before freeing like the pattern for other password
> variables.

Good catch, let's fix that. I would like to apply your suggested fix,
but let's see first if others have any comments.
--
Michael
On 2020-05-20 07:56, Michael Paquier wrote:
> On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:
>> Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
>> password in libpq, but not sslpassword which seems an oversight. The attached
>> performs an explicit_bzero before freeing like the pattern for other password
>> variables.
>
> Good catch, let's fix that. I would like to apply your suggested fix,
> but let's see first if others have any comments.

Looks correct to me.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services