[THRIFT-1844] Password string not cleared - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.9
Fix Version/s: 0.9.3
Component/s: C++ - Library
Labels:
None
Environment:

SSL connection with authentication

Flags:

Patch

Description

The function handling the SSL password receives a memory copy of the password which is then passed down to the OpenSSL library. The intermediate buffer used to get the password is not cleared one used up.

This is a (rather low) security issue in case a memory scraper was used. The buffer should be cleared once not necessary anymore.

The current function (in 0.9.0) looks like this:

int TSSLSocketFactory::passwordCallback(char* password,
                                        int size,
                                        int,
                                        void* data) {
  TSSLSocketFactory* factory = (TSSLSocketFactory*)data;
  string userPassword;
  factory->getPassword(userPassword, size);
  int length = userPassword.size();
  if (length > size) {
    length = size;
  }
  strncpy(password, userPassword.c_str(), length);
  return length;
}

After the strncpy() I would suggest something like this:

for(int i(userPassword.size()); i >= 0; --i) {
  userPassword[i] = '*';
}

Note that we cannot use the variable size because it gets modified and thus does not represent the whole password size at that point.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-THRIFT-1844-Overwrite-password-string-after-passing-.patch
07/Jul/15 09:47
0.9 kB
Claudius Heine

Activity

People

Assignee:: Unassigned

Reporter:: Alexis Wilke

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 27/Jan/13 11:58

Updated:: 21/Jul/15 02:21

Resolved:: 08/Jul/15 12:35