BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
When scrubbing secrets in memory doesn't work Nov 05 2002 10:13PM
Michael Howard (mikehow microsoft com)
During the Windows Security Push in Feb/Mar 2002, we noticed an
'interesting' anomaly with code to scrub passwords that looks like this:

bool DoSensitiveStuff() {
bool fOK = false;
const size_t cbPwd = 64;
char szPwd[cbPwd];
if (GetUserPassword(szPwd,cbPwd-1))
if (DoSomethingWithPassword(szP...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus