On 2019-07-05 14:06, Thomas Munro wrote:
> +#ifndef HAVE_EXPLICIT_BZERO
> +#define explicit_bzero(b, len) memset(b, 0, len)
> +#endif
>
> I noticed some other libraries use memset through a function pointer
> or at least define a function the compiler can't see.
I don't understand what you are getting at here.
> The ssl tests fail:
>
> FATAL: could not load private key file "server-password.key": bad decrypt
>
> That's apparently due to the passphrase being clobbered in the output
> buffer before we've managed to use it:
>
> @@ -118,6 +118,7 @@ run_ssl_passphrase_command(const char *prompt,
> bool is_server_start, char *buf,
> buf[--len] = '\0';
>
> error:
> + explicit_bzero(buf, size);
> pfree(command.data);
> return len;
> }
Yeah, that's a silly mistake. New patch attached.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
