AI SAFETY: clean cert info before free

2021-01-14 08:33:31 +08:00 · 2021-01-14 08:33:31 +08:00 · 989b195d54
parent 392c043824
commit 989b195d54
1 changed files with 13 additions and 6 deletions
--- a/src/gausskernel/optimizer/util/learn/comm.cpp
+++ b/src/gausskernel/optimizer/util/learn/comm.cpp
@ -272,6 +272,14 @@ static GS_UCHAR* DecodeClientKey(StringInfo cahome)
    return plainpwd;
 }

+static inline void CleanCertInfo(StringInfo str)
+ {
+     errno_t rc = memset_s(str->data, str->len, 0, str->len);
+     securec_check(rc, "\0", "\0");
+     pfree_ext(str->data);
+     pfree_ext(str);
+ }
+	
 static void GetCurlClientCerts(AiConn* connHandle)
 {
    char* gausshome = getGaussHome();
@ -300,12 +308,11 @@ static void GetCurlClientCerts(AiConn* connHandle)
        errmsg("Read certificate files failed.")));
    }

-    pfree_ext(caPath->data);
-    pfree_ext(certPath->data);
-    pfree_ext(keyPath->data);
-    pfree_ext(caPath);
-    pfree_ext(certPath);
-    pfree_ext(keyPath);
+    CleanCertInfo(caPath);
+    CleanCertInfo(certPath);
+    CleanCertInfo(keyPath);
+    errno_t rc = memset_s(plainpwd, CIPHER_LEN + 1, 0, CIPHER_LEN + 1);
+    securec_check(rc, "\0", "\0");
    pfree_ext(plainpwd);
 }