Usage of memset to eradicate string content

Michael Stahl mstahl at
Fri Aug 24 04:09:53 PDT 2012

On 24/08/12 12:53, Caolán McNamara wrote:
> On Thu, 2012-08-23 at 21:00 +0200, Arnaud Versini wrote:
>> Hi everyone,
>> I noticed in the code some annihilation of O[U]String content by using
>> memset or rtl_zeroMemory directly on the content as a password
>> security. It breaks encapsulation and the string immutability, not so
>> good. I think there is four possibilities, in order of my personal
>> preference ;-) :
>>      1. Don't eradicate the string content, the content remain in RAM
>>         until the string deletion and a new allocation of the area
> So, looking at the code that "trashes" the password it doesn't make a
> whole pile of sense to me. There's a OUString which is converted to a
> OString, and the OString is then mangled with a
> rtl_zeroMemory((void*)foo.getStr(), foo.getLength()) after use, but the
> original OUString remains. So only the copy gets mangled, not the
> original.

well clearly that _is_ just security theater  :)

> Best IMO to remove the Zeroing. If we want to do this sort of stuff,
> we'd really need a single secure password class kind of thing, and use
> it consistently, rather than arbitrarily butchering the occasional
> OString.

agreed (see my other mail from yesterday for details).

More information about the LibreOffice mailing list