Re: using explicit_bzero

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Thomas Munro <thomas.munro@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-07-05T13:07:31Z
Lists: pgsql-hackers

Attachments

On 2019-07-05 14:06, Thomas Munro wrote:
> +#ifndef HAVE_EXPLICIT_BZERO
> +#define explicit_bzero(b, len) memset(b, 0, len)
> +#endif
> 
> I noticed some other libraries use memset through a function pointer
> or at least define a function the compiler can't see.

I don't understand what you are getting at here.

> The ssl tests fail:
> 
> FATAL:  could not load private key file "server-password.key": bad decrypt
> 
> That's apparently due to the passphrase being clobbered in the output
> buffer before we've managed to use it:
> 
> @@ -118,6 +118,7 @@ run_ssl_passphrase_command(const char *prompt,
> bool is_server_start, char *buf,
>                 buf[--len] = '\0';
> 
>  error:
> +       explicit_bzero(buf, size);
>         pfree(command.data);
>         return len;
>  }

Yeah, that's a silly mistake.  New patch attached.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Commits

  1. Use explicit_bzero