LOG4J2-1896 null out password chars in memory before releasing reference to this object
Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/fc3d4a6d Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/fc3d4a6d Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/fc3d4a6d Branch: refs/heads/LOG4J2-1431 Commit: fc3d4a6da9912c306f807750dd993cb3415a4aea Parents: e0d7a55 Author: rpopma <[email protected]> Authored: Fri Aug 18 07:16:55 2017 +0900 Committer: rpopma <[email protected]> Committed: Fri Aug 18 07:16:55 2017 +0900 ---------------------------------------------------------------------- .../apache/logging/log4j/core/net/ssl/StoreConfiguration.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/fc3d4a6d/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java ---------------------------------------------------------------------- diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java index 863209e..9ad1221 100644 --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/StoreConfiguration.java @@ -39,6 +39,7 @@ public class StoreConfiguration<T> { */ public void clearSecrets() { this.location = null; + Arrays.fill(password, '\u0000'); this.password = null; } @@ -60,7 +61,7 @@ public class StoreConfiguration<T> { } /** - * + * * @deprecated Use getPasswordAsCharArray() */ @Deprecated @@ -77,7 +78,7 @@ public class StoreConfiguration<T> { } /** - * + * * @deprecated Use getPasswordAsCharArray() */ @Deprecated
