Thread: explicit_bzero for sslpassword

Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
password in libpq, but not sslpassword which seems an oversight.  The attached
performs an explicit_bzero before freeing like the pattern for other password
variables.

cheers ./daniel

On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:
> Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
> password in libpq, but not sslpassword which seems an oversight.  The attached
> performs an explicit_bzero before freeing like the pattern for other password
> variables.

Good catch, let's fix that.  I would like to apply your suggested fix,
but let's see first if others have any comments.
--
Michael

On 2020-05-20 07:56, Michael Paquier wrote:
> On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:
>> Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
>> password in libpq, but not sslpassword which seems an oversight.  The attached
>> performs an explicit_bzero before freeing like the pattern for other password
>> variables.
> 
> Good catch, let's fix that.  I would like to apply your suggested fix,
> but let's see first if others have any comments.

Looks correct to me.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

On Wed, May 20, 2020 at 10:06:55AM +0200, Peter Eisentraut wrote:
> Looks correct to me.

Thanks for confirming, Peter.  Got this one applied.
--
Michael