VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2020-06-28 00:59:57 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2020-06-28 01:06:39 +0200
commit885cc1d01d569b9a7b702aa81a2308c88a4e309c (patch)
treed9fbf25a97060ee6c96bdb7591feb6fc8eaec581
parentfded83d25cf8f8b4bbd80a1250c4777063ddc221 (diff)
downloadVeraCrypt-885cc1d01d569b9a7b702aa81a2308c88a4e309c.tar.gz
VeraCrypt-885cc1d01d569b9a7b702aa81a2308c88a4e309c.zip
Linux/MacOSX: Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase
Diffstat
-rw-r--r--src/Common/SecurityToken.cpp4
-rw-r--r--src/Core/Unix/CoreService.cpp2
-rw-r--r--src/Platform/Buffer.cpp2
-rw-r--r--src/Platform/Memory.cpp6
-rw-r--r--src/Platform/Memory.h2
-rw-r--r--src/Platform/StringConverter.cpp2
-rw-r--r--src/Volume/Keyfile.cpp2
7 files changed, 5 insertions, 15 deletions
diff --git a/src/Common/SecurityToken.cpp b/src/Common/SecurityToken.cpp
index 03de8a2a..8401a0eb 100644
--- a/src/Common/SecurityToken.cpp
+++ b/src/Common/SecurityToken.cpp
@@ -32,10 +32,6 @@
#include "SecurityToken.h"
-#ifndef burn
-# define burn Memory::Erase
-#endif
-
using namespace std;
namespace VeraCrypt
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index b129eff0..44389612 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -460,7 +460,7 @@ namespace VeraCrypt
if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored
- Memory::Erase (&adminPassword.front(), adminPassword.size());
+ burn (&adminPassword.front(), adminPassword.size());
throw_sys_if (fcntl (outPipe->GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
throw_sys_if (fcntl (errPipe.GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
diff --git a/src/Platform/Buffer.cpp b/src/Platform/Buffer.cpp
index 7c61dc48..82c2a3f1 100644
--- a/src/Platform/Buffer.cpp
+++ b/src/Platform/Buffer.cpp
@@ -77,7 +77,7 @@ namespace VeraCrypt
void Buffer::Erase ()
{
if (DataSize > 0)
- Memory::Erase (DataPtr, DataSize);
+ burn (DataPtr, DataSize);
}
void Buffer::Free ()
diff --git a/src/Platform/Memory.cpp b/src/Platform/Memory.cpp
index 785f758c..c4afed64 100644
--- a/src/Platform/Memory.cpp
+++ b/src/Platform/Memory.cpp
@@ -10,7 +10,6 @@
code distribution packages.
*/
-#include "Common/Tcdefs.h"
#include "Memory.h"
#include "Exception.h"
#include <stdlib.h>
@@ -62,11 +61,6 @@ namespace VeraCrypt
memcpy (memoryDestination, memorySource, size);
}
- void Memory::Erase (void *memory, size_t size)
- {
- burn (memory, size);
- }
-
void Memory::Zero (void *memory, size_t size)
{
memset (memory, 0, size);
diff --git a/src/Platform/Memory.h b/src/Platform/Memory.h
index 2b022dfd..e0d4bfe3 100644
--- a/src/Platform/Memory.h
+++ b/src/Platform/Memory.h
@@ -16,6 +16,7 @@
#include <new>
#include <memory.h>
#include "PlatformBase.h"
+#include "Common/Tcdefs.h"
#ifdef TC_WINDOWS
@@ -76,7 +77,6 @@ namespace VeraCrypt
static void *AllocateAligned (size_t size, size_t alignment);
static int Compare (const void *memory1, size_t size1, const void *memory2, size_t size2);
static void Copy (void *memoryDestination, const void *memorySource, size_t size);
- static void Erase (void *memory, size_t size);
static void Free (void *memory);
static void FreeAligned (void *memory);
static void Zero (void *memory, size_t size);
diff --git a/src/Platform/StringConverter.cpp b/src/Platform/StringConverter.cpp
index 6975bb39..e1a6df98 100644
--- a/src/Platform/StringConverter.cpp
+++ b/src/Platform/StringConverter.cpp
@@ -233,7 +233,7 @@ namespace VeraCrypt
str.clear();
str.insert (0, &buf.front(), size);
- Memory::Erase (&buf.front(), buf.size());
+ burn (&buf.front(), buf.size());
}
catch (...)
{
diff --git a/src/Volume/Keyfile.cpp b/src/Volume/Keyfile.cpp
index d15dc0d7..d171458c 100644
--- a/src/Volume/Keyfile.cpp
+++ b/src/Volume/Keyfile.cpp
@@ -57,7 +57,7 @@ namespace VeraCrypt
break;
}
- Memory::Erase (&keyfileData.front(), keyfileData.size());
+ burn (&keyfileData.front(), keyfileData.size());
goto done;
}