Home > mailing lists

Re: using explicit_bzero - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: using explicit_bzero
Date	June 24, 2019 08:08:50
Msg-id	20190624050850.GE1637@paquier.xyz Whole thread Raw
In response to	Re: using explicit_bzero (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: using explicit_bzero
List	pgsql-hackers

Tree view

On Sun, Jun 23, 2019 at 09:57:18PM +0200, Peter Eisentraut wrote:
> On 2019-06-23 21:55, Peter Eisentraut wrote:
>> On 2019-06-21 15:25, Tom Lane wrote:
>>> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>>>> +#ifndef HAVE_EXPLICIT_BZERO
>>>> +#define explicit_bzero(b, len) bzero(b, len)
>>>> +#endif
>>>
>>> This presumes that every platform has bzero, which is unsafe (POSIX
>>> doesn't specify it) and is an assumption we kicked to the curb a dozen
>>> years ago (067a5cdb3).  Please use memset() for the substitute instead.

+1.

>> OK, done.
>
> and with patch attached

CreateRole() and AlterRole() can manipulate a password in plain format
in memory.  The cleanup could be done just after calling
encrypt_password() in user.c.

Could it be possible to add the new flag in pg_config.h.win32?
--
Michael

Attachment

signature.asc

pgsql-hackers by date:

From: Michael Paquier
Date: 24 June 2019, 07:06:16
Subject: Re: check_recovery_target_lsn() does a PG_CATCH without a throw

From: Michael Paquier
Date: 24 June 2019, 08:10:28
Subject: Re: using explicit_bzero

Re: using explicit_bzero - Mailing list pgsql-hackers

Attachment

Previous

Next