Mirrors
/
gparted
mirror of https://gitlab.gnome.org/GNOME/gparted.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Split out erasing all passwords into a separate method (#795617) 

Move zeroing of the locked memory into separate PWStore::erase_all()
private method.  Then use this in the PWStore destructor.  This is so
that zeroing of all passwords can be unit tested independently of
destructing the singleton PWStore object.

Bug 795617 - Implement opening and closing of LUKS mappings
This commit is contained in:
Mike Fleetwood 2017-11-08 16:32:47 +00:00 committed by Curtis Gedak
parent c6657aab9e
commit e2cb8b3126
1 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/PasswordRAMStore.cc
View File

@ -47,6 +47,7 @@ public:
private:
iterator find_key( const Glib::ustring & key );
void erase_all();
std::vector<PWEntry> pw_entries; // Linear vector of password entries
char * protected_mem; // Block of virtual memory locked into RAM
@ -94,24 +95,9 @@ PWStore::PWStore()
PWStore::~PWStore()
{
// WARNING:
// memset() can be optimised away if the compiler knows the memory is not accessed
// again. In this case the pointer to the zeroed memory is passed to munmap()
// afterwards so the compiler has to assume the memory is accessed so can't
// optimise the memset() away.
// Reference:
// * SEI CERT C Coding Standard, MSC06-C. Beware of compiler optimizations
// https://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations
//
// NOTE:
// For secure overwriting of memory C11 has memset_s(), Linux kernel has
// memzero_explicit(), FreeBSD/OpenBSD have explicit_bzero() and Windows has
// SecureZeroMemory().
erase_all();
if ( protected_mem != NULL )
{
memset( protected_mem, '\0', ProtectedMemSize );
munmap( protected_mem, ProtectedMemSize );
}
}
bool PWStore::insert( const Glib::ustring & key, const char * password )
@ -184,6 +170,28 @@ PWStore::iterator PWStore::find_key( const Glib::ustring & key )
return pw_entries.end();
}
void PWStore::erase_all()
{
pw_entries.clear();
if ( protected_mem != NULL );
// WARNING:
// memset() can be optimised away if the compiler knows the memory is not
// accessed again. In this case this memset() is in a separate method
// which usually bounds such optimisations. Also in the parent method the
// the pointer to the zeroed memory is passed to munmap() afterwards which
// the compiler has to assume the memory is accessed so it can't optimise
// the memset() away.
// Reference:
// * SEI CERT C Coding Standard, MSC06-C. Beware of compiler optimizations
// https://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations
//
// NOTE:
// For secure overwriting of memory C11 has memset_s(), Linux kernel has
// memzero_explicit(), FreeBSD/OpenBSD have explicit_bzero() and Windows
// has SecureZeroMemory().
memset( protected_mem, '\0', ProtectedMemSize );
}
// The single password RAM store
static PWStore single_pwstore;