Re: using explicit_bzero
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-06-24T05:08:50Z
Lists: pgsql-hackers
On Sun, Jun 23, 2019 at 09:57:18PM +0200, Peter Eisentraut wrote: > On 2019-06-23 21:55, Peter Eisentraut wrote: >> On 2019-06-21 15:25, Tom Lane wrote: >>> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes: >>>> +#ifndef HAVE_EXPLICIT_BZERO >>>> +#define explicit_bzero(b, len) bzero(b, len) >>>> +#endif >>> >>> This presumes that every platform has bzero, which is unsafe (POSIX >>> doesn't specify it) and is an assumption we kicked to the curb a dozen >>> years ago (067a5cdb3). Please use memset() for the substitute instead. +1. >> OK, done. > > and with patch attached CreateRole() and AlterRole() can manipulate a password in plain format in memory. The cleanup could be done just after calling encrypt_password() in user.c. Could it be possible to add the new flag in pg_config.h.win32? -- Michael
Commits
-
Use explicit_bzero
- 74a308cf5221 13.0 landed