From 3163f0412b54101b7669169a73c926df1f39f467 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Sun, 17 May 2020 04:43:45 +0200 Subject: [PATCH] Make sure to zero out password storage Commit 74a308cf5221f introducded explicit_bzero for use on password storage and other sensitive pieces of memory before freeing. Make sure to use on sslpassword as well.
---
 src/interfaces/libpq/fe-connect.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index d5da6dce1e..ae4a32e45b 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -4037,7 +4037,10 @@ freePGconn(PGconn *conn)
 if (conn->sslkey)
 free(conn->sslkey);
 if (conn->sslpassword)
+ {
+ explicit_bzero(conn->sslpassword, strlen(conn->sslpassword));
 free(conn->sslpassword);
+ }
 if (conn->sslrootcert)
 free(conn->sslrootcert);
 if (conn->sslcrl)
-- 
2.21.1 (Apple Git-122.3)
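Review bot: The added `explicit_bzero(conn->sslpassword, strlen(conn->sslpassword));` wipes only the bytes up to the first NUL of this one heap copy, so the guarantee is narrower than the subject line suggests. Any other copy of the key passphrase (for example one kept in a parsed connection-option array or handed to the TLS library) is not visible in this hunk and would need its own wipe; that is worth confirming against the rest of the file. The commit message indicates this field was not covered when 74a308cf5221f added the wipes, so a short comment above the block, such as `/* secret: wipe before free so the passphrase does not linger in released heap memory */`, would help the next secret field follow the same pattern. freePGconn starts and ends outside the hunk.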