Usage of memset to eradicate string content
Caolán McNamara
caolanm at redhat.com
Fri Aug 24 03:53:11 PDT 2012
On Thu, 2012-08-23 at 21:00 +0200, Arnaud Versini wrote:
> Hi everyone,
>
> I noticed in the code some annihilation of O[U]String content by using
> memset or rtl_zeroMemory directly on the content as a password
> security. It breaks encapsulation and the string immutability, not so
> good. I think there is four possibilities, in order of my personal
> preference ;-) :
> 1. Don't eradicate the string content, the content remain in RAM
> until the string deletion and a new allocation of the area
So, looking at the code that "trashes" the password it doesn't make a
whole pile of sense to me. There's a OUString which is converted to a
OString, and the OString is then mangled with a
rtl_zeroMemory((void*)foo.getStr(), foo.getLength()) after use, but the
original OUString remains. So only the copy gets mangled, not the
original.
Best IMO to remove the Zeroing. If we want to do this sort of stuff,
we'd really need a single secure password class kind of thing, and use
it consistently, rather than arbitrarily butchering the occasional
OString.
C.
More information about the LibreOffice
mailing list