Clearing memory securely and reallocations

前端未结

关注

 5  1776

别跟我提以往 2020-12-24 07:11

Following the discussion here, if you want to have a secure class for storing sensitive information (e.g passwords) on memory, you have to:

memset/clear the me

5条回答

[愿得一人] (楼主)

2020-12-24 07:47
Here is another program that reproduces the problem more directly:
```
#include 
#include 
#include 

inline void SecureWipeBuffer(char* buf, size_t n){
  volatile char* p = buf;
  asm volatile("rep stosb" : "+c"(n), "+D"(p) : "a"(0) : "memory");
}

void mymemcpy(char* b, const char* a, size_t n){
  char* s1 = b;
  const char* s2= a;
  for(; 0
```
If you replace memcpy with mymemcpy or use smaller sizes the problem goes away, so my best guess is that the builtin memcpy does something that leaves part of the copied data in memory. I guess this just shows that clearing sensitive data from memory is practically impossible unless it is designed into the entire system from scratch.
0 讨论(0) 查看其它5个回答发布评论: 提交评论加载中...