Use explicit_bzero() when clearing sslpassword in libpq

Since 74a308cf, any security-sensitive information gets cleared from memory this way. This was forgotten in 4dc63552. Author: Daniel Gustafsson Reviewed-by: Peter Eisentraut, Michael Paquier Discussion: https://postgr.es/m/935443BA-D42E-4CE0-B181-1AD79E6DD45A@yesql.se

Use explicit_bzero() when clearing sslpassword in libpq
Since 74a308cf, any security-sensitive information gets cleared from memory this way. This was forgotten in 4dc63552. Author: Daniel Gustafsson Reviewed-by: Peter Eisentraut, Michael Paquier Discussion: https://postgr.es/m/935443BA-D42E-4CE0-B181-1AD79E6DD45A@yesql.se
e4db972e · Michael Paquier · d2a99599 · e4db972e
Commit e4db972e authored May 21, 2020 by Michael Paquier
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

src/interfaces/libpq/fe-connect.c src/interfaces/libpq/fe-connect.c +3 -0

No files found.
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -4037,7 +4037,10 @@ freePGconn(PGconn *conn)
 	if (conn->sslkey)
 		free(conn->sslkey);
 	if (conn->sslpassword)
+	{
+		explicit_bzero(conn->sslpassword, strlen(conn->sslpassword));
 		free(conn->sslpassword);
+	}
 	if (conn->sslrootcert)
 		free(conn->sslrootcert);
 	if (conn->sslcrl)