Usage of memset to eradicate string content
Michael Stahl
mstahl at redhat.com
Fri Aug 24 04:09:53 PDT 2012
On 24/08/12 12:53, Caolán McNamara wrote:
> On Thu, 2012-08-23 at 21:00 +0200, Arnaud Versini wrote:
>> Hi everyone,
>>
>> I noticed in the code some annihilation of O[U]String content by using
>> memset or rtl_zeroMemory directly on the content as a password
>> security. It breaks encapsulation and the string immutability, not so
>> good. I think there are four possibilities, in order of my personal
>> preference ;-) :
>> 1. Don't eradicate the string content, the content remains in RAM
>> until the string deletion and a new allocation of the area
>
> So, looking at the code that "trashes" the password it doesn't make a
> whole pile of sense to me. There's an OUString which is converted to an
> OString, and the OString is then mangled with a
> rtl_zeroMemory((void*)foo.getStr(), foo.getLength()) after use, but the
> original OUString remains. So only the copy gets mangled, not the
> original.

well clearly that _is_ just security theater :)

> Best IMO to remove the Zeroing. If we want to do this sort of stuff,
> we'd really need a single secure password class kind of thing, and use
> it consistently, rather than arbitrarily butchering the occasional
> OString.

agreed (see my other mail from yesterday for details).
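
Added example, not part of the original mail and not LibreOffice code: it reproduces the "zero the converted copy" pattern discussed above and contrasts it with a single-owner buffer of the kind the thread suggests. std::u16string and std::string stand in for OUString and OString, and secure_wipe, to_narrow, wipe_converted_copy and SecretBuffer are hypothetical names.

```cpp
#include <cstddef>
#include <memory>
#include <string>

// Zero memory through a volatile pointer so the stores are not removed as
// dead writes; explicit_bzero or SecureZeroMemory are platform equivalents.
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* b = static_cast<volatile unsigned char*>(p);
    while (n--) *b++ = 0;
}

// Stand-in for the OUString -> OString conversion (ASCII only): the result
// is a second, independent buffer holding the same secret.
inline std::string to_narrow(const std::u16string& wide) {
    std::string out;
    out.reserve(wide.size());
    for (char16_t c : wide) out.push_back(static_cast<char>(c));
    return out;
}

// The pattern from the thread: use the converted copy, then zero it.
// Returns the wiped copy; the caller's original is never touched.
inline std::string wipe_converted_copy(const std::u16string& password) {
    std::string copy = to_narrow(password);
    secure_wipe(&copy[0], copy.size());
    return copy;
}

// Hypothetical single-owner buffer: fixed size (no reallocation leaving
// stale copies), not copyable, wiped on destruction or on demand.
class SecretBuffer {
public:
    explicit SecretBuffer(std::size_t n) : data_(new char16_t[n]()), size_(n) {}
    SecretBuffer(const SecretBuffer&) = delete;
    SecretBuffer& operator=(const SecretBuffer&) = delete;
    ~SecretBuffer() { wipe(); }
    void wipe() { secure_wipe(data_.get(), size_ * sizeof(char16_t)); }
    char16_t* data() { return data_.get(); }
    std::size_t size() const { return size_; }
    bool is_zeroed() const {
        for (std::size_t i = 0; i < size_; ++i)
            if (data_[i] != 0) return false;
        return true;
    }
private:
    std::unique_ptr<char16_t[]> data_;
    std::size_t size_;
};
```

The wiped copy comes back all zeros while the caller's string is unchanged, which is the gap pointed out in the quoted text; SecretBuffer only helps if the secret is read straight into it and never passes through an ordinary string.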