Use explicit_bzero() when clearing sslpassword in libpq
Since74a308c
, any security-sensitive information gets cleared from memory this way. This was forgotten in4dc6355
. Author: Daniel Gustafsson Reviewed-by: Peter Eisentraut, Michael Paquier Discussion: https://postgr.es/m/935443BA-D42E-4CE0-B181-1AD79E6DD45A@yesql.se
This commit is contained in:
parent
d2a9959907
commit
e4db972ed5
|
@ -4037,7 +4037,10 @@ freePGconn(PGconn *conn)
|
||||||
if (conn->sslkey)
|
if (conn->sslkey)
|
||||||
free(conn->sslkey);
|
free(conn->sslkey);
|
||||||
if (conn->sslpassword)
|
if (conn->sslpassword)
|
||||||
|
{
|
||||||
|
explicit_bzero(conn->sslpassword, strlen(conn->sslpassword));
|
||||||
free(conn->sslpassword);
|
free(conn->sslpassword);
|
||||||
|
}
|
||||||
if (conn->sslrootcert)
|
if (conn->sslrootcert)
|
||||||
free(conn->sslrootcert);
|
free(conn->sslrootcert);
|
||||||
if (conn->sslcrl)
|
if (conn->sslcrl)
|
||||||
|
|
Loading…
Reference in New Issue