You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@logging.apache.org by rp...@apache.org on 2017/08/17 22:17:01 UTC

logging-log4j2 git commit: LOG4J2-1896 null out password chars in memory before releasing reference to this object

Repository: logging-log4j2
Updated Branches:
  refs/heads/master e0d7a551e -> fc3d4a6da


LOG4J2-1896 null out password chars in memory before releasing reference to this object


Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo
Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/fc3d4a6d
Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/fc3d4a6d
Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/fc3d4a6d

Branch: refs/heads/master
Commit: fc3d4a6da9912c306f807750dd993cb3415a4aea
Parents: e0d7a55
Author: rpopma <rp...@apache.org>
Authored: Fri Aug 18 07:16:55 2017 +0900
Committer: rpopma <rp...@apache.org>
Committed: Fri Aug 18 07:16:55 2017 +0900

----------------------------------------------------------------------
 .../apache/logging/log4j/core/net/ssl/StoreConfiguration.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/fc3d4a6d/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java
----------------------------------------------------------------------
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java
index 863209e..9ad1221 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java
@@ -39,6 +39,7 @@ public class StoreConfiguration<T> {
      */
     public void clearSecrets() {
         this.location = null;
+        Arrays.fill(password, '\u0000');
         this.password = null;
     }
 
@@ -60,7 +61,7 @@ public class StoreConfiguration<T> {
     }
 
     /**
-     * 
+     *
      * @deprecated Use getPasswordAsCharArray()
      */
     @Deprecated
@@ -77,7 +78,7 @@ public class StoreConfiguration<T> {
     }
 
     /**
-     * 
+     *
      * @deprecated Use getPasswordAsCharArray()
      */
     @Deprecated