Re: using explicit_bzero
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Thomas Munro <thomas.munro@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-07-05T13:07:31Z
Lists: pgsql-hackers
Attachments
- v3-0001-Use-explicit_bzero.patch (text/plain) patch v3-0001
On 2019-07-05 14:06, Thomas Munro wrote: > +#ifndef HAVE_EXPLICIT_BZERO > +#define explicit_bzero(b, len) memset(b, 0, len) > +#endif > > I noticed some other libraries use memset through a function pointer > or at least define a function the compiler can't see. I don't understand what you are getting at here. > The ssl tests fail: > > FATAL: could not load private key file "server-password.key": bad decrypt > > That's apparently due to the passphrase being clobbered in the output > buffer before we've managed to use it: > > @@ -118,6 +118,7 @@ run_ssl_passphrase_command(const char *prompt, > bool is_server_start, char *buf, > buf[--len] = '\0'; > > error: > + explicit_bzero(buf, size); > pfree(command.data); > return len; > } Yeah, that's a silly mistake. New patch attached. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Use explicit_bzero
- 74a308cf5221 13.0 landed