Alexis Wilke created THRIFT-1844:
------------------------------------

             Summary: Password string not cleared
                 Key: THRIFT-1844
                 URL: https://issues.apache.org/jira/browse/THRIFT-1844
             Project: Thrift
          Issue Type: Bug
          Components: C++ - Library
    Affects Versions: 0.9
         Environment: SSL connection with authentication
            Reporter: Alexis Wilke

The function handling the SSL password receives a memory copy of the password which is then passed down to the OpenSSL library. The intermediate buffer used to get the password is not cleared once used up. This is a (rather low) security issue in case a memory scraper was used. The buffer should be cleared once not necessary anymore.

The current function (in 0.9.0) looks like this:

    int TSSLSocketFactory::passwordCallback(char* password,
                                            int size,
                                            int,
                                            void* data) {
      TSSLSocketFactory* factory = (TSSLSocketFactory*)data;
      string userPassword;
      factory->getPassword(userPassword, size);
      int length = userPassword.size();
      if (length > size) {
        length = size;
      }
      strncpy(password, userPassword.c_str(), length);
      return length;
    }

After the strncpy() I would suggest something like this:

    // Start at size() - 1: index size() is the string's terminator slot
    // and must not be overwritten.
    for (int i = static_cast<int>(userPassword.size()) - 1; i >= 0; --i) {
      userPassword[i] = '*';
    }

Note that we cannot use the variable size because it gets modified and thus does not represent the whole password size at that point.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
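
An added example, not part of the original report or of Thrift's code: the callback from the report with the intermediate string wiped before returning, using volatile stores and covering the string's whole capacity rather than only size(). DemoFactory, wipeString and the sample secret are hypothetical names and constructed values; C++11 or later is assumed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <string>

// Overwrite every byte the string owns, not just size() bytes. Growing to
// capacity() never reallocates, so the buffer that held the password is the
// one being zeroed. The string is left holding only NUL bytes.
void wipeString(std::string& s) {
  s.resize(s.capacity());
  if (s.empty()) return;
  volatile char* p = &s[0];
  for (std::size_t i = 0; i < s.size(); ++i) {
    p[i] = 0;  // volatile store, so it is not dropped as a dead store
  }
}

// Hypothetical stand-in for TSSLSocketFactory; the secret is a constructed value.
struct DemoFactory {
  std::string secret;
  void getPassword(std::string& out, int /*size*/) { out = secret; }
};

// Same shape as the callback in the report, with the wipe added before return.
int passwordCallback(char* password, int size, int /*rwflag*/, void* data) {
  DemoFactory* factory = static_cast<DemoFactory*>(data);
  std::string userPassword;
  factory->getPassword(userPassword, size);
  // Clamp to the caller's buffer; a negative size copies nothing.
  int length = std::min(static_cast<int>(userPassword.size()), std::max(size, 0));
  std::memcpy(password, userPassword.data(), static_cast<std::size_t>(length));
  wipeString(userPassword);  // clear the intermediate copy once the output is filled
  return length;
}

int main() {
  DemoFactory factory;
  factory.secret = "constructed-pw";
  char buf[8];
  return passwordCallback(buf, sizeof buf, 0, &factory) == 8 ? 0 : 1;
}
```

When the code already links against OpenSSL, OPENSSL_cleanse() can replace the volatile loop. The wipe only covers the callback's local copy; whatever long-lived copy getPassword() reads from is outside its reach.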