database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00
Code Activity

pgcrypto: fix memset() calls that might be optimized away

Browse Source 
Specifically, on-stack memset() might be removed, so:

	* Replace memset() with px_memset()
	* Add px_memset to copy_crlf()
	* Add px_memset to pgp-s2k.c

Patch by Marko Kreen

Report by PVS-Studio

Backpatch through 8.4.
This commit is contained in:
Bruce Momjian
2014-04-17 12:37:53 -04:00
parent 83defef8c7
commit 9fe55259fd
22 changed files with 82 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
contrib/pgcrypto/crypt-blowfish.c
View File

@ -35,6 +35,7 @@
#include "postgres.h"
#include "px-crypt.h"
#include "px.h"
#ifdef __i386__
#define BF_ASM 0 /* 1 */
@ -616,7 +617,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
{
memset(data.binary.salt, 0, sizeof(data.binary.salt));
px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
return NULL;
}
BF_swap(data.binary.salt, 4);
@ -729,7 +730,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
/* Overwrite the most obvious sensitive data we have on the stack. Note
* that this does not guarantee there's no sensitive data left on the
* stack and/or in registers; I'm not aware of portable code that does. */
memset(&data, 0, sizeof(data));
px_memset(&data, 0, sizeof(data));
return output;
}