From: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: using explicit_bzero |
Date: | 2019-07-05 12:06:06 |
Message-ID: | CA+hUKGL2mmC43Oe2DouyvvEOmoKCGu82n7+oQ_jznCLwM15DZw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Jun 24, 2019 at 7:57 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 2019-06-23 21:55, Peter Eisentraut wrote:
> > On 2019-06-21 15:25, Tom Lane wrote:
> >> years ago (067a5cdb3). Please use memset() for the substitute instead.
> >
> > OK, done.
+#ifndef HAVE_EXPLICIT_BZERO
+#define explicit_bzero(b, len) memset(b, 0, len)
+#endif
I noticed some other libraries use memset through a function pointer
or at least define a function the compiler can't see.
> and with patch attached
The ssl tests fail:
FATAL: could not load private key file "server-password.key": bad decrypt
That's apparently due to the passphrase being clobbered in the output
buffer before we've managed to use it:
@@ -118,6 +118,7 @@ run_ssl_passphrase_command(const char *prompt,
bool is_server_start, char *buf,
buf[--len] = '\0';
error:
+ explicit_bzero(buf, size);
pfree(command.data);
return len;
}
--
Thomas Munro
https://enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Stas Kelvich | 2019-07-05 12:27:06 | Re: Add client connection check during the execution of the query |
Previous Message | Shay Rojansky | 2019-07-05 12:04:59 | Re: Proposal to add GUC_REPORT to lc_monetary, lc_numeric and search_path |