[27792] in bugtraq


Re: When scrubbing secrets in memory doesn't work

daemon@ATHENA.MIT.EDU (Michael Zimmermann)
Sat Nov 9 11:50:37 2002

From: Michael Zimmermann <zim@vegaa.de>
To: <bugtraq@securityfocus.com>
Date: Fri, 8 Nov 2002 17:23:34 +0100
In-Reply-To: <4B0F3B603558B44B9F4608630B4F641105356B8E@red-msg-06.redmond.corp.microsoft.com>
Message-Id: <200211081723.37023.zim@vegaa.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 5 November 2002 23:13 Michael Howard wrote:
> During the Windows Security Push in Feb/Mar 2002, we noticed an
> 'interesting' anomaly with code to scrub passwords that looks like this:
>
> bool DoSensitiveStuff() {
> 	bool fOK = false;
> 	const size_t cbPwd = 64;
> 	char szPwd[cbPwd];
> 	if (GetUserPassword(szPwd,cbPwd-1))
> 		if (DoSomethingWithPassword(szPwd))
> 			fOK = true;
>
> 	memset(szPwd,0,cbPwd);
>
> 	return fOK;
> }

Not to declare the intermediate storage for sensitive
data as 'volatile' is a coding flaw. An easily overlooked
one, yes, but nevertheless... Like forgetting to protect
critical code with semaphores.

- -- 
Michael Zimmermann  (http://vegaa.de)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9y+UG72vu22ltWBERAqduAJ0YGSuDIWmU1boNIq/BFObDfSxi8gCfV3Si
R07sgLDQFqsZ8Rz2xVclOA0=
=2qe3
-----END PGP SIGNATURE-----
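
Added example, not part of the original thread: the quoted function's shape with the final scrub done through a volatile-qualified pointer, so the optimizer cannot drop the stores as dead. The lower-case helper names and the sample secret are constructed stand-ins for the helpers named in the quoted code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Zero n bytes at p through a volatile-qualified pointer. Each store is a
 * volatile access, which the optimizer has to treat as an observable side
 * effect, so it cannot discard the loop the way it can discard a trailing
 * memset() on a local buffer that is never read again. */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Hypothetical stand-in for GetUserPassword(): copies a constructed secret. */
static bool get_user_password(char *buf, size_t cb)
{
    static const char constructed[] = "constructed-sample-secret";
    if (cb < sizeof constructed)
        return false;
    memcpy(buf, constructed, sizeof constructed);
    return true;
}

/* Hypothetical stand-in for DoSomethingWithPassword(). */
static bool do_something_with_password(const char *pwd)
{
    return strlen(pwd) > 0;
}

/* Same control flow as the quoted DoSensitiveStuff(); only the scrub differs. */
static bool do_sensitive_stuff(void)
{
    bool ok = false;
    char pwd[64];

    if (get_user_password(pwd, sizeof pwd - 1))
        if (do_something_with_password(pwd))
            ok = true;

    scrub(pwd, sizeof pwd);   /* survives optimization, unlike plain memset */
    return ok;
}
```

Where the platform provides one, a dedicated primitive such as SecureZeroMemory, explicit_bzero or C11 Annex K memset_s serves the same purpose.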

