From 74a308cf5221f491776fcdb4dc36eb61678dbc6f Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Thu, 5 Sep 2019 08:15:58 +0200
Subject: Use explicit_bzero

Use the explicit_bzero() function in places where it is important that security information such as passwords is cleared from memory. There might be other places where it could be useful; this is just an initial collection.

For platforms that don't have explicit_bzero(), provide various fallback implementations. (explicit_bzero() itself isn't standard, but as Linux/glibc, FreeBSD, and OpenBSD have it, it's the most common spelling, so it makes sense to make that the invocation point.)

Discussion: https://www.postgresql.org/message-id/flat/42d26bde-5d5b-c90d-87ae-6cab875f73be%402ndquadrant.com
---
 src/backend/libpq/be-secure-common.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src/backend/libpq/be-secure-common.c')

diff --git a/src/backend/libpq/be-secure-common.c b/src/backend/libpq/be-secure-common.c
index e8f27bc7825..d801929ea28 100644
--- a/src/backend/libpq/be-secure-common.c
+++ b/src/backend/libpq/be-secure-common.c
@@ -87,6 +87,7 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
 {
 if (ferror(fh))
 {
+ explicit_bzero(buf, size);
 ereport(loglevel,
 (errcode_for_file_access(),
 errmsg("could not read from command \"%s\": %m",
@@ -98,6 +99,7 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
 pclose_rc = ClosePipeStream(fh);
 if (pclose_rc == -1)
 {
+ explicit_bzero(buf, size);
 ereport(loglevel,
 (errcode_for_file_access(),
 errmsg("could not close pipe to external command: %m")));
@@ -105,6 +107,7 @@ run_ssl_passphrase_command(const char *prompt, bool is_server_start, char *buf,
 }
 else if (pclose_rc != 0)
 {
+ explicit_bzero(buf, size);
 ereport(loglevel,
 (errcode_for_file_access(),
 errmsg("command \"%s\" failed",
--
cgit v1.2.3
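Review bot: The new `explicit_bzero(buf, size)` call in this hunk, and the identical calls in the two hunks that follow (new-file lines 99 and 107), are placed ahead of `ereport()` rather than at a shared error exit, and nothing in the code says why that order matters. `loglevel` is presumably derived from the `is_server_start` parameter visible in the hunk header (the derivation is outside the hunk); whenever it is `ERROR`, `ereport()` does not return, so a later refactor that hoists the cleanup to a common label would silently leave the passphrase in memory on that path. I would pin the ordering with a comment at the first call, e.g. `/* must precede ereport(): when loglevel is ERROR, ereport() does not return */`. Zeroing the full `size` rather than `strlen(buf)` is the right choice here, since after a failed fgets() the buffer contents are unspecified. The enclosing function starts and ends outside the hunk.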