From d7181cd19c172df3ab8bd4573a09f0138eb7636d Mon Sep 17 00:00:00 2001 From: totaj Date: Sat, 24 Sep 2022 16:57:01 +0800 Subject: [PATCH] Fix password leak. --- src/common/interfaces/libpq/fe-connect.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/common/interfaces/libpq/fe-connect.cpp b/src/common/interfaces/libpq/fe-connect.cpp index 38450ed01..a16b30a4a 100644 --- a/src/common/interfaces/libpq/fe-connect.cpp +++ b/src/common/interfaces/libpq/fe-connect.cpp @@ -4904,6 +4904,7 @@ static PQconninfoOption* conninfo_parse(const char* conninfo, PQExpBuffer errorM PQconninfoFree(options); return NULL; } + size_t bufLen = strlen(buf); cp = buf; while (*cp) { @@ -4935,6 +4936,7 @@ static PQconninfoOption* conninfo_parse(const char* conninfo, PQExpBuffer errorM printfPQExpBuffer( errorMessage, libpq_gettext("missing \"=\" after \"%s\" in connection info string\n"), pname); PQconninfoFree(options); + check_memset_s(memset_s(buf, bufLen, 0, bufLen)); libpq_free(buf); return NULL; } @@ -4973,6 +4975,7 @@ static PQconninfoOption* conninfo_parse(const char* conninfo, PQExpBuffer errorM printfPQExpBuffer( errorMessage, libpq_gettext("unterminated quoted string in connection info string\n")); PQconninfoFree(options); + check_memset_s(memset_s(buf, bufLen, 0, bufLen)); libpq_free(buf); return NULL; } @@ -4996,12 +4999,14 @@ static PQconninfoOption* conninfo_parse(const char* conninfo, PQExpBuffer errorM */ if (conninfo_storeval(options, pname, pval, errorMessage, false, false) == NULL) { PQconninfoFree(options); + check_memset_s(memset_s(buf, bufLen, 0, bufLen)); libpq_free(buf); return NULL; } } /* Done with the modifiable input string */ + check_memset_s(memset_s(buf, bufLen, 0, bufLen)); libpq_free(buf); /*