BugTraq
When scrubbing secrets in memory doesn't work Nov 05 2002 10:13PM
Michael Howard (mikehow microsoft com) (3 replies)
During the Windows Security Push in Feb/Mar 2002, we noticed an
'interesting' anomaly with code to scrub passwords that looks like this:

bool DoSensitiveStuff() {
    bool fOK = false;
    const size_t cbPwd = 64;
    char szPwd[cbPwd];
    if (GetUserPassword(szPwd,cbPwd-1))
        if (DoSomethingWithPassword(szPwd))
            fOK = true;

    memset(szPwd,0,cbPwd);

    return fOK;
}

On the surface, this looks fine, until you look at the ASM output, and
you see the call to memset has been removed by the optimizer because
szPwd is not read once the function completes. Hence, the secret data is
still floating in memory.

This optimization, common in most modern C/C++ compilers, is often
referred to as "dead store removal."

A full write-up outlining the issue in more detail, as well as some
remedies, is at
http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp.

Cheers, Michael Howard
Secure Windows Initiative
Microsoft Corp.

Writing Secure Code
http://www.microsoft.com/mspress/books/5612.asp
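
One way to keep the scrub from being removed as a dead store, shown as an added example that is not part of the original post or of the linked write-up: the buffer is zeroed through a volatile-qualified pointer instead of memset. The bodies of GetUserPassword and DoSomethingWithPassword, the sample password, and the scrub and is_all_zero helpers are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero cb bytes through a volatile-qualified pointer. Compilers treat each
   volatile store as an observable side effect, so they keep the loop. */
void scrub(void *p, size_t cb) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (cb--)
        *vp++ = 0;
}

/* Hypothetical stand-in: copies a constructed sample password into sz. */
bool GetUserPassword(char *sz, size_t cch) {
    const char *sample = "constructed-sample-pw";
    if (strlen(sample) > cch)       /* cch excludes the terminating NUL */
        return false;
    strcpy(sz, sample);
    return true;
}

/* Hypothetical stand-in: "uses" the password by checking it is non-empty. */
bool DoSomethingWithPassword(const char *sz) {
    return sz[0] != '\0';
}

bool DoSensitiveStuff(void) {
    bool fOK = false;
    char szPwd[64];
    const size_t cbPwd = sizeof szPwd;
    if (GetUserPassword(szPwd, cbPwd - 1))
        if (DoSomethingWithPassword(szPwd))
            fOK = true;
    scrub(szPwd, cbPwd);            /* replaces memset(szPwd,0,cbPwd) */
    return fOK;
}

/* Checks a buffer the caller still owns; used to verify scrub(). */
bool is_all_zero(const void *p, size_t cb) {
    const unsigned char *b = p;
    while (cb--)
        if (*b++) return false;
    return true;
}

int main(void) {
    printf("DoSensitiveStuff: %s\n", DoSensitiveStuff() ? "ok" : "failed");
}
```

Whether the stores survive is best confirmed the same way the post describes finding the problem: by reading the optimized ASM output for the function.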

Re: When scrubbing secrets in memory doesn't work Nov 08 2002 04:23PM
Michael Zimmermann (zim vegaa de) (1 replies)
Re: When scrubbing secrets in memory doesn't work Nov 11 2002 11:46AM
Jan Echternach (jan goneko de)
Re: When scrubbing secrets in memory doesn't work Nov 06 2002 12:55PM
Gianni Tedesco (gianni ecsc co uk) (1 replies)
Re: When scrubbing secrets in memory doesn't work Nov 08 2002 04:00AM
Valdis Kletnieks vt edu
Re: When scrubbing secrets in memory doesn't work Nov 05 2002 11:58PM
Perry E. Metzger (perry piermont com) (1 replies)
Re: When scrubbing secrets in memory doesn't work Nov 07 2002 08:08AM
Andy Polyakov (appro fy chalmers se)


 
