Hi hackers, I discovered a minor security issue in the OAuth authentication code where sensitive bearer tokens are not completely cleared from memory.
## The Issue

In src/backend/libpq/auth-oauth.c, the oauth_exchange() function attempts to clear the bearer token from memory using explicit_bzero(), but it only clears inputlen bytes. Since the buffer is allocated with pstrdup(), which allocates strlen(input) + 1 bytes, the null terminator byte remains uncleared.

## The Fix

The attached patch changes line 296 from:

    explicit_bzero(input_copy, inputlen);

to:

    explicit_bzero(input_copy, inputlen + 1);

This ensures the entire allocated buffer, including the null terminator, is properly cleared from memory.

## Testing

The fix has been tested by:

- Verifying the code compiles without warnings
- Confirming inputlen equals strlen(input) per the validation at line 171
- Ensuring pstrdup() allocates inputlen + 1 bytes

## Impact

This is a minor security issue as only the null terminator byte remains in memory, but it's worth fixing to ensure complete removal of sensitive authentication data as intended by the comment "Don't let extra copies of the bearer token hang around."

The patch applies cleanly to the master branch.

Best regards,
Taras Kloba
0001-Fix-incomplete-memory-clearing-in-OAuth-authenticati.patch