From 304e55dc5a3940bd477b1d067bac7e845d33b879 Mon Sep 17 00:00:00 2001
From: Ngan Pham
Date: Tue, 9 Apr 2024 23:50:08 -0700
Subject: [PATCH] Clear password without memset
---
 script/cibuild | 2 +-
 src/client.c | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/script/cibuild b/script/cibuild
index 6be89526..cb600e9f 100755
--- a/script/cibuild
+++ b/script/cibuild
@@ -55,7 +55,7 @@ export DISTRIBUTION_SLUG
 # and chmod this directory on the host so that the permissions are persisted when the
 # the directory is mounted in the containers. Since the mysql container runs as a non-root
 # user, we need to ensure that the directory is writable by all users.
-mkdir tmp/mysql-certs
+mkdir -p tmp/mysql-certs
 chmod 777 tmp/mysql-certs
 docker compose rm --stop --force --volumes
diff --git a/src/client.c b/src/client.c
index 53680620..7f246098 100644
--- a/src/client.c
+++ b/src/client.c
@@ -404,7 +404,12 @@ int trilogy_auth_switch_send(trilogy_conn_t *conn, const trilogy_handshake_t *ha
 void trilogy_auth_clear_password(trilogy_conn_t *conn)
 {
 if (conn->socket->opts.password) {
- memset(conn->socket->opts.password, 0, conn->socket->opts.password_len);
+ volatile char *password_ptr = (volatile char*)(conn->socket->opts.password);
+ while (conn->socket->opts.password_len--) {
+ *password_ptr++ = 0;
+ }
+ free(conn->socket->opts.password);
+ conn->socket->opts.password = NULL;
 }
 }
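Review bot: The zeroing loop in `trilogy_auth_clear_password` counts down on `conn->socket->opts.password_len` itself, so the final post-decrement takes the field one step past zero. If the field is unsigned (its declaration is not in this hunk), it ends at the type's maximum value while `password` is NULL, and any later code that trusts the length without checking the pointer would work from a huge stale size. Count down on a local copy instead, e.g. `size_t remaining = conn->socket->opts.password_len; while (remaining--) *password_ptr++ = 0;` (using the field's actual type), and add `conn->socket->opts.password_len = 0;` next to the NULL assignment. The added `free()` also turns this function from a scrub into a release of the buffer, so confirm that the password is always a heap copy owned by the library and that the socket teardown path tolerates a NULL `password`; neither is visible in this hunk.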