Quick Links

Re: explicit_bzero for sslpassword

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc:	PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: explicit_bzero for sslpassword
Date:	2020-05-20 05:56:50
Message-ID:	20200520055650.GD2355@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Tue, May 19, 2020 at 02:33:40PM +0200, Daniel Gustafsson wrote:
> Since commit 74a308cf5221f we use explicit_bzero on pgpass and connhost
> password in libpq, but not sslpassword which seems an oversight. The attached
> performs an explicit_bzero before freeing like the pattern for other password
> variables.

Good catch, let's fix that. I would like to apply your suggested fix,
but let's see first if others have any comments.
--
Michael

In response to

explicit_bzero for sslpassword at 2020-05-19 12:33:40 from Daniel Gustafsson

Responses

Re: explicit_bzero for sslpassword at 2020-05-20 08:06:55 from Peter Eisentraut

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Michael Paquier	2020-05-20 07:03:26	Re: Expand the use of check_canonical_path() for more GUCs
Previous Message	Michael Paquier	2020-05-20 05:38:38	Re: SyncRepLock acquired exclusively in default configuration