| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Taras Kloba <sql(dot)ua(dot)tech(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Fix incomplete memory clearing in OAuth authentication |
| Date: | 2025-06-16 08:05:51 |
| Message-ID: | 9D67B22B-D51C-4E6F-9951-4EF36CF6CE10@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 13 Jun 2025, at 18:41, Taras Kloba <sql(dot)ua(dot)tech(at)gmail(dot)com> wrote:
>
> Hi hackers,
>
> I discovered a minor security issue in the OAuth authentication code where
> sensitive bearer tokens are not completely cleared from memory.
>
> ## The Issue
>
> In src/backend/libpq/auth-oauth.c, the oauth_exchange() function attempts to
> clear the bearer token from memory using explicit_bzero(), but it only clears
> inputlen bytes. Since the buffer is allocated with pstrdup(), which allocates
> strlen(input) + 1 bytes, the null terminator byte remains uncleared.
Maybe I'm lacking imagination, but I fail to see how it's a security issue to
not set a byte to \0 when it is known to be \0?
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Evgeniy Gorbanev | 2025-06-16 08:14:36 | No error checking when reading from file using zstd in pg_dump |
| Previous Message | Daniel Gustafsson | 2025-06-16 08:01:27 | Re: Possibly hard-to-read message |