Use explicit_bzero() when clearing sslpassword in libpq

Since 74a308c, any security-sensitive information gets cleared from memory this way. This was forgotten in 4dc6355. Author: Daniel Gustafsson Reviewed-by: Peter Eisentraut, Michael Paquier Discussion: https://postgr.es/m/935443BA-D42E-4CE0-B181-1AD79E6DD45A@yesql.se
author: Michael Paquier <michael@paquier.xyz> 2020-05-21 15:49:20 +0900
committer: Michael Paquier <michael@paquier.xyz> 2020-05-21 15:49:20 +0900
commit: e4db972ed5f12c09403ff0be24e12e5d4032aaaa (patch)
tree: b0fd4a4d5af2b131a17144b84d4014ea19aa7c11
parent: d2a9959907a03682f4fe182086f9936aca6b2a4f (diff)
download: postgresql-e4db972ed5f12c09403ff0be24e12e5d4032aaaa.tar.gz
postgresql-e4db972ed5f12c09403ff0be24e12e5d4032aaaa.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index d5da6dce1e6..ae4a32e45b2 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -4037,7 +4037,10 @@ freePGconn(PGconn *conn)
 	if (conn->sslkey)
 		free(conn->sslkey);
 	if (conn->sslpassword)
+	{
+		explicit_bzero(conn->sslpassword, strlen(conn->sslpassword));
 		free(conn->sslpassword);
+	}
 	if (conn->sslrootcert)
 		free(conn->sslrootcert);
 	if (conn->sslcrl)
author	Michael Paquier <michael@paquier.xyz>	2020-05-21 15:49:20 +0900
committer	Michael Paquier <michael@paquier.xyz>	2020-05-21 15:49:20 +0900
commit	e4db972ed5f12c09403ff0be24e12e5d4032aaaa (patch)
tree	b0fd4a4d5af2b131a17144b84d4014ea19aa7c11
parent	d2a9959907a03682f4fe182086f9936aca6b2a4f (diff)
download	postgresql-e4db972ed5f12c09403ff0be24e12e5d4032aaaa.tar.gz postgresql-e4db972ed5f12c09403ff0be24e12e5d4032aaaa.zip