From 8c76b36ad1a03dac6aa2c2e9dce34e9fdf59e9db Mon Sep 17 00:00:00 2001
From: sqyyeah <948885883@qq.com>
Date: Thu, 7 Jan 2021 20:00:21 +0800
Subject: [PATCH 1/2] AI SAFETY: clean cert info before free

---
 src/gausskernel/optimizer/util/learn/comm.cpp | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/gausskernel/optimizer/util/learn/comm.cpp b/src/gausskernel/optimizer/util/learn/comm.cpp
index de40db571..1978a02ba 100755
--- a/src/gausskernel/optimizer/util/learn/comm.cpp
+++ b/src/gausskernel/optimizer/util/learn/comm.cpp
@@ -272,6 +272,14 @@ static GS_UCHAR* DecodeClientKey(StringInfo cahome)
 return plainpwd;
 }
 
+static void CleanCertInfo(StringInfo str)
+{
+ errno_t rc = memset_s(str->data, str->len, 0, str->len);
+ securec_check(rc, "\0", "\0");
+ pfree_ext(str->data);
+ pfree_ext(str);
+}
+
 static void GetCurlClientCerts(AiConn* connHandle)
 {
 char* gausshome = getGaussHome();
@@ -300,12 +308,11 @@ static void GetCurlClientCerts(AiConn* connHandle)
 errmsg("Read certificate files failed.")));
 }
 
- pfree_ext(caPath->data);
- pfree_ext(certPath->data);
- pfree_ext(keyPath->data);
- pfree_ext(caPath);
- pfree_ext(certPath);
- pfree_ext(keyPath);
+ CleanCertInfo(caPath);
+ CleanCertInfo(certPath);
+ CleanCertInfo(keyPath);
+ errno_t rc = memset_s(plainpwd, CIPHER_LEN + 1, 0, CIPHER_LEN + 1);
+ securec_check(rc, "\0", "\0");
 pfree_ext(plainpwd);
 }
 
From f249a90a151fcd4e6a075ae3a54c3bafed176cc2 Mon Sep 17 00:00:00 2001
From: sqyyeah <948885883@qq.com>
Date: Mon, 11 Jan 2021 14:55:25 +0800
Subject: [PATCH 2/2] change func to inline func

---
 src/gausskernel/optimizer/util/learn/comm.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/gausskernel/optimizer/util/learn/comm.cpp b/src/gausskernel/optimizer/util/learn/comm.cpp
index 1978a02ba..4338b73f2 100755
--- a/src/gausskernel/optimizer/util/learn/comm.cpp
+++ b/src/gausskernel/optimizer/util/learn/comm.cpp
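Review bot: CleanCertInfo zeroes only the first `str->len` bytes of the buffer, so any bytes left past the current length (for example if the StringInfo was reset or truncated before this call) are freed without being wiped. Clearing the whole allocation with `errno_t rc = memset_s(str->data, str->maxlen, 0, str->maxlen);` would cover that, assuming the usual StringInfoData layout with a `maxlen` field. The helper also has no comment; a header such as `/* Zero a StringInfo's buffer, then free the buffer and the StringInfo itself; the caller must not use str afterwards. */` would record that the caller's pointer is left dangling, because `pfree_ext(str)` here acts only on the by-value parameter.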
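Review bot: The wipe of `plainpwd` is placed after the error branch whose closing lines are this hunk's leading context (`errmsg("Read certificate files failed.")`); if that report is raised at ERROR level, control does not return to these lines and the decoded value stays in memory unwiped on exactly the failure path. Consider moving `errno_t rc = memset_s(plainpwd, CIPHER_LEN + 1, 0, CIPHER_LEN + 1);` and its `securec_check` ahead of the report inside that branch as well, or running the cleanup from a PG_TRY/PG_CATCH so both paths clear it. The length `CIPHER_LEN + 1` is assumed to match the allocation made in DecodeClientKey, which is not visible here; a comment tying the two sizes together would keep them from drifting apart. The start of GetCurlClientCerts is outside the hunk.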
@@ -272,7 +272,7 @@ static GS_UCHAR* DecodeClientKey(StringInfo cahome)
 return plainpwd;
 }
 
-static void CleanCertInfo(StringInfo str)
+static inline void CleanCertInfo(StringInfo str)
 {
 errno_t rc = memset_s(str->data, str->len, 0, str->len);
 securec_check(rc, "\0", "\0");