When freeing buffers in the db routines, also zeroize them
This should solve the bug where a coredumping ftpd reveals encrypted passwords. Obtained from: OpenBSD
This commit is contained in:
parent
0082fb4657
commit
102b3fa4c8
|
@ -331,8 +331,10 @@ __buf_free(hashp, do_free, to_disk)
|
||||||
}
|
}
|
||||||
/* Check if we are freeing stuff */
|
/* Check if we are freeing stuff */
|
||||||
if (do_free) {
|
if (do_free) {
|
||||||
if (bp->page)
|
if (bp->page) {
|
||||||
|
(void)memset(bp->page, 0, hashp->BSIZE);
|
||||||
free(bp->page);
|
free(bp->page);
|
||||||
|
}
|
||||||
BUF_REMOVE(bp);
|
BUF_REMOVE(bp);
|
||||||
free(bp);
|
free(bp);
|
||||||
bp = LRU;
|
bp = LRU;
|
||||||
|
|
Loading…
Reference in New Issue