From 0cc67628a71ffb0114d61838cfceb0d7671dcc29 Mon Sep 17 00:00:00 2001
From: Taras Kloba
Date: Fri, 13 Jun 2025 19:28:48 +0300
Subject: [PATCH] Fix incomplete memory clearing in OAuth authentication

The explicit_bzero() call in oauth_exchange() was only clearing inputlen bytes, which equals strlen(input), but the allocated buffer from pstrdup() is actually inputlen + 1 bytes (including the null terminator). This left the null terminator byte uncleared in memory, violating the security principle of completely removing sensitive authentication data.

This patch fixes the issue by clearing inputlen + 1 bytes to ensure the entire bearer token, including the null terminator, is removed from memory.
---
 src/backend/libpq/auth-oauth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/libpq/auth-oauth.c b/src/backend/libpq/auth-oauth.c
index 27f7af7..7c0a3c6 100644
--- a/src/backend/libpq/auth-oauth.c
+++ b/src/backend/libpq/auth-oauth.c
@@ -293,7 +293,7 @@ oauth_exchange(void *opaq, const char *input, int inputlen,
 }
 /* Don't let extra copies of the bearer token hang around. */
-explicit_bzero(input_copy, inputlen);
+explicit_bzero(input_copy, inputlen + 1);
 return status;
 }
-- 
2.48.1
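Review bot: The `+ 1` on the new explicit_bzero() line hard-codes the size of the pstrdup() allocation, but nothing in the hunk ties that size to inputlen; the clear is only in-bounds if inputlen == strlen(input) was established before the copy was made, and that part of oauth_exchange() starts outside the hunk. Because the copy is presumably tokenized in place by the parser (which is why strlen(input_copy) cannot be used here), a comment on the new line would stop a later edit from "simplifying" it or from reading inputlen before the embedded-NUL check: `/* input_copy is pstrdup(input) and the earlier length check guarantees inputlen == strlen(input), so the buffer is exactly inputlen + 1 bytes. */`. If no such check precedes the pstrdup(), the length passed to explicit_bzero() should be derived from the same value the allocation used rather than from inputlen. Note also that the terminator byte itself carries no secret, so this is a hygiene fix rather than a leak fix; the commit message could say so.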