Re: using explicit_bzero - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: using explicit_bzero
Date
Msg-id 20190711011145.GE4500@paquier.xyz
Whole thread Raw
In response to Re: using explicit_bzero  (Michael Paquier <michael@paquier.xyz>)
Responses Re: using explicit_bzero
List pgsql-hackers
On Mon, Jun 24, 2019 at 02:08:50PM +0900, Michael Paquier wrote:
> CreateRole() and AlterRole() can manipulate a password in plain format
> in memory.  The cleanup could be done just after calling
> encrypt_password() in user.c.
>
> Could it be possible to add the new flag in pg_config.h.win32?

While remembering about it...  Shouldn't the memset(0) now happening in
base64.c for the encoding and encoding routines when facing a failure
use explicit_zero()?
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: [sqlsmith] Crash in mcv_get_match_bitmap
Next
From: Robert Haas
Date:
Subject: Re: progress report for ANALYZE