[
https://issues.apache.org/jira/browse/THRIFT-1844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618536#comment-14618536
]
Hudson commented on THRIFT-1844:
--------------------------------
SUCCESS: Integrated in Thrift #1596 (See
[https://builds.apache.org/job/Thrift/1596/])
THRIFT-1844: Overwrite password string after passing it to openssl. (r.meier:
rev 33f3f01ce2a7e0aa1348deada026edec20c937ee)
* lib/cpp/src/thrift/transport/TSSLSocket.cpp
> Password string not cleared
> ---------------------------
>
> Key: THRIFT-1844
> URL: https://issues.apache.org/jira/browse/THRIFT-1844
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.9
> Environment: SSL connection with authentication
> Reporter: Alexis Wilke
> Fix For: 0.9.3
>
> Attachments:
> 0001-THRIFT-1844-Overwrite-password-string-after-passing-.patch
>
>
> The function handling the SSL password receives a memory copy of the password
> which is then passed down to the OpenSSL library. The intermediate buffer
> used to get the password is not cleared once used up.
> This is a (rather low) security issue in case a memory scraper was used. The
> buffer should be cleared once not necessary anymore.
> The current function (in 0.9.0) looks like this:
> {noformat}
> int TSSLSocketFactory::passwordCallback(char* password,
>                                         int size,
>                                         int,
>                                         void* data) {
>   TSSLSocketFactory* factory = (TSSLSocketFactory*)data;
>   string userPassword;
>   factory->getPassword(userPassword, size);
>   int length = userPassword.size();
>   if (length > size) {
>     length = size;
>   }
>   strncpy(password, userPassword.c_str(), length);
>   return length;
> }
> {noformat}
> After the strncpy() I would suggest something like this:
> {noformat}
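> // Start at the last character: index size() is the string's terminator and must not be overwritten.
> for(int i(static_cast<int>(userPassword.size()) - 1); i >= 0; --i) {
>   userPassword[i] = '*';
> }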
> {noformat}
> Note that we cannot use the variable size because it gets modified and thus
> does not represent the whole password size at that point.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
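The clearing step the report asks for, as an added example that is not the Thrift patch or any code from the project: a callback with the same four-argument shape that wipes the intermediate `std::string` after copying it out. `PasswordSource` and `secureWipe` are hypothetical names, and the passphrases used with it are constructed sample values.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Overwrite the string's whole allocation (capacity, not just size()) so no
// stale tail of the password survives. The stores go through a volatile
// pointer so the optimizer does not drop them as dead writes just before the
// string is destroyed. Returns the number of bytes overwritten.
// Limitation: copies left behind by earlier reallocations are out of reach.
std::size_t secureWipe(std::string& s) {
  s.resize(s.capacity());            // never reallocates: n <= capacity()
  volatile char* p = &s[0];
  for (std::size_t i = 0; i < s.size(); ++i) {
    p[i] = 0;
  }
  return s.size();
}

// Hypothetical stand-in for the factory object that owns the password.
struct PasswordSource {
  std::string secret;
  void getPassword(std::string& out, int /*size*/) const { out = secret; }
};

// Same shape as the callback in the report: (buffer, size, rwflag, userdata).
// Copies at most `size` bytes into the caller's buffer, then wipes the
// intermediate copy on every path before returning.
int passwordCallback(char* password, int size, int, void* data) {
  PasswordSource* src = static_cast<PasswordSource*>(data);
  std::string userPassword;
  src->getPassword(userPassword, size);

  int length = static_cast<int>(userPassword.size());
  if (length > size) {
    length = size;                   // truncate to the caller's buffer
  }
  if (length < 0) {
    length = 0;                      // defensive: negative size from caller
  }
  if (length > 0) {
    std::memcpy(password, userPassword.data(), static_cast<std::size_t>(length));
  }
  secureWipe(userPassword);          // intermediate buffer no longer needed
  return length;
}
```

Where the platform provides one, a dedicated primitive such as `OPENSSL_cleanse` or `explicit_bzero` can replace the volatile loop.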