ngan
commented
3 months ago I talked to @composerinteralia about this at RailsConf and we were unsure why the password is cleared at all. It's still available in Ruby, so why bother clearing it in C? We need the password to stick around since it's needed/used for reconnecting, etc.
Fixes https://github.com/trilogy-libraries/trilogy/issues/103 Closes https://github.com/trilogy-libraries/trilogy/pull/106
Instead of using
memset()to clear the password, clear the password byte by byte in a loop. Additionally, we mark thechar*asvolatileto ensure that the compiler does not optimize away the memory access or the clearing operation.