database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-23 03:21:12 +03:00
Code Activity

Use explicit_bzero

Browse Source 
Use the explicit_bzero() function in places where it is important that
security information such as passwords is cleared from memory.  There
might be other places where it could be useful; this is just an
initial collection.

For platforms that don't have explicit_bzero(), provide various
fallback implementations.  (explicit_bzero() itself isn't standard,
but as Linux/glibc, FreeBSD, and OpenBSD have it, it's the most common
spelling, so it makes sense to make that the invocation point.)

Discussion: https://www.postgresql.org/message-id/flat/42d26bde-5d5b-c90d-87ae-6cab875f73be%402ndquadrant.com
This commit is contained in:
Peter Eisentraut
2019-09-05 08:15:58 +02:00
parent ae060a52b2
commit 74a308cf52
9 changed files with 99 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/libpq/be-secure-common.c
View File

@ -87,6 +87,7 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
{
if (ferror(fh))
{
explicit_bzero(buf, size);
ereport(loglevel,
(errcode_for_file_access(),
errmsg("could not read from command \"%s\": %m",
@ -98,6 +99,7 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
pclose_rc = ClosePipeStream(fh);
if (pclose_rc == -1)
{
explicit_bzero(buf, size);
ereport(loglevel,
(errcode_for_file_access(),
errmsg("could not close pipe to external command: %m")));
@ -105,6 +107,7 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
}
else if (pclose_rc != 0)
{
explicit_bzero(buf, size);
ereport(loglevel,
(errcode_for_file_access(),
errmsg("command \"%s\" failed",