Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-1844

Password string not cleared

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9
    • Fix Version/s: 0.9.3
    • Component/s: C++ - Library
    • Labels:
      None
    • Environment:

      SSL connection with authentication

    • Flags:
      Patch

      Description

      The function handling the SSL password receives a memory copy of the password which is then passed down to the OpenSSL library. The intermediate buffer used to get the password is not cleared one used up.

      This is a (rather low) security issue in case a memory scraper was used. The buffer should be cleared once not necessary anymore.

      The current function (in 0.9.0) looks like this:

      int TSSLSocketFactory::passwordCallback(char* password,
                                              int size,
                                              int,
                                              void* data) {
        TSSLSocketFactory* factory = (TSSLSocketFactory*)data;
        string userPassword;
        factory->getPassword(userPassword, size);
        int length = userPassword.size();
        if (length > size) {
          length = size;
        }
        strncpy(password, userPassword.c_str(), length);
        return length;
      }
      

      After the strncpy() I would suggest something like this:

      for(int i(userPassword.size()); i >= 0; --i) {
        userPassword[i] = '*';
      }
      

      Note that we cannot use the variable size because it gets modified and thus does not represent the whole password size at that point.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              alexiswilke Alexis Wilke
            • Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: