[ https://issues.apache.org/jira/browse/THRIFT-1844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618536#comment-14618536 ]
Hudson commented on THRIFT-1844:
--------------------------------

SUCCESS: Integrated in Thrift #1596 (See [https://builds.apache.org/job/Thrift/1596/])
THRIFT-1844: Overwrite password string after passing it to openssl. (r.meier: rev 33f3f01ce2a7e0aa1348deada026edec20c937ee)
* lib/cpp/src/thrift/transport/TSSLSocket.cpp

> Password string not cleared
> ---------------------------
>
>                 Key: THRIFT-1844
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1844
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9
>         Environment: SSL connection with authentication
>            Reporter: Alexis Wilke
>             Fix For: 0.9.3
>
>         Attachments: 0001-THRIFT-1844-Overwrite-password-string-after-passing-.patch
>
>
> The function handling the SSL password receives a memory copy of the password
> which is then passed down to the OpenSSL library. The intermediate buffer
> used to get the password is not cleared once used up.
> This is a (rather low) security issue in case a memory scraper was used. The
> buffer should be cleared once not necessary anymore.
> The current function (in 0.9.0) looks like this:
> {noformat}
> int TSSLSocketFactory::passwordCallback(char* password,
>                                         int size,
>                                         int,
>                                         void* data) {
>   TSSLSocketFactory* factory = (TSSLSocketFactory*)data;
>   string userPassword;
>   factory->getPassword(userPassword, size);
>   int length = userPassword.size();
>   if (length > size) {
>     length = size;
>   }
>   strncpy(password, userPassword.c_str(), length);
>   return length;
> }
> {noformat}
> After the strncpy() I would suggest something like this:
> {noformat}
>   // the last character is at size() - 1; index size() is the terminator
>   for(int i(userPassword.size() - 1); i >= 0; --i) {
>     userPassword[i] = '*';
>   }
> {noformat}
> Note that we cannot use the variable size because it gets modified and thus
> does not represent the whole password size at that point.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
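
The clearing step discussed in this issue, as an added example that is neither the committed Thrift patch nor the reporter's code: the callback keeps the shape quoted above and wipes the intermediate string through a volatile pointer, so the stores are not dropped as dead writes to an object that is about to be destroyed. `PasswordSource` and `wipeString` are hypothetical names, and the secret is a constructed sample.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical stand-in for TSSLSocketFactory; holds a constructed sample secret.
struct PasswordSource {
  std::string secret;
  void getPassword(std::string& out, int /*size*/) const { out = secret; }
};

// Zero the string's whole allocation (capacity, not just size). The stores go
// through a volatile pointer so that compilers do not discard them as dead
// writes to an object that is about to go out of scope.
void wipeString(std::string& s) {
  s.resize(s.capacity());            // new size <= capacity: no reallocation
  if (s.empty()) return;
  volatile char* p = &s[0];
  for (std::size_t i = 0; i < s.size(); ++i) p[i] = '\0';
}

// Same shape as the callback quoted in the issue, with the wipe added.
int passwordCallback(char* password, int size, int, void* data) {
  PasswordSource* source = static_cast<PasswordSource*>(data);
  std::string userPassword;
  source->getPassword(userPassword, size);
  int length = static_cast<int>(userPassword.size());
  if (length > size) length = size;  // truncate to the caller's buffer
  std::strncpy(password, userPassword.c_str(), length);
  wipeString(userPassword);          // uses the string's own size, not `length`
  return length;
}

int main() {
  PasswordSource source = {"constructed-sample-secret"};
  char buf[8];
  int n = passwordCallback(buf, sizeof buf, 0, &source);
  std::printf("copied %d bytes\n", n);
  return 0;
}
```

Where available, `OPENSSL_cleanse`, `explicit_bzero` or `memset_s` serve the same purpose as the volatile loop.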