From 885cc1d01d569b9a7b702aa81a2308c88a4e309c Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 28 Jun 2020 00:59:57 +0200
Subject: Linux/MacOSX: Erase sensitive memory explicitly instead of relying on the compiler not optimizing calls to method Memory::Erase
---
 src/Common/SecurityToken.cpp | 4 ----
 src/Core/Unix/CoreService.cpp | 2 +-
 src/Platform/Buffer.cpp | 2 +-
 src/Platform/Memory.cpp | 6 ------
 src/Platform/Memory.h | 2 +-
 src/Platform/StringConverter.cpp | 2 +-
 src/Volume/Keyfile.cpp | 2 +-
 7 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/src/Common/SecurityToken.cpp b/src/Common/SecurityToken.cpp
index 03de8a2a..8401a0eb 100644
--- a/src/Common/SecurityToken.cpp
+++ b/src/Common/SecurityToken.cpp
@@ -32,10 +32,6 @@
 #include "SecurityToken.h"
-#ifndef burn
-# define burn Memory::Erase
-#endif
-
 using namespace std;
 namespace VeraCrypt
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index b129eff0..44389612 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -460,7 +460,7 @@ namespace VeraCrypt
 if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored
- Memory::Erase (&adminPassword.front(), adminPassword.size());
+ burn (&adminPassword.front(), adminPassword.size());
 throw_sys_if (fcntl (outPipe->GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
 throw_sys_if (fcntl (errPipe.GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
diff --git a/src/Platform/Buffer.cpp b/src/Platform/Buffer.cpp
index 7c61dc48..82c2a3f1 100644
--- a/src/Platform/Buffer.cpp
+++ b/src/Platform/Buffer.cpp
@@ -77,7 +77,7 @@ namespace VeraCrypt
 void Buffer::Erase ()
 {
 if (DataSize > 0)
- Memory::Erase (DataPtr, DataSize);
+ burn (DataPtr, DataSize);
 }
 void Buffer::Free ()
diff --git a/src/Platform/Memory.cpp b/src/Platform/Memory.cpp
index 785f758c..c4afed64 100644
--- a/src/Platform/Memory.cpp
+++ b/src/Platform/Memory.cpp
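Review bot: In the CoreService.cpp hunk, `burn (&adminPassword.front(), adminPassword.size());` takes `front()` without checking that the container holds anything, which is undefined for an empty standard container (assuming that is what `adminPassword` is), while `Buffer::Erase` in this same commit guards its call with `if (DataSize > 0)`. The StringConverter.cpp (`buf`) and Keyfile.cpp (`keyfileData`) hunks erase in the same unguarded way. A guard such as `if (!adminPassword.empty()) burn (&adminPassword.front(), adminPassword.size());` would bring the call sites in line with each other. Whether these containers can be empty at this point is not visible here, since the enclosing functions start and end outside the hunks.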
@@ -10,7 +10,6 @@
 code distribution packages.
 */
-#include "Common/Tcdefs.h"
 #include "Memory.h"
 #include "Exception.h"
 #include
@@ -62,11 +61,6 @@ namespace VeraCrypt
 memcpy (memoryDestination, memorySource, size);
 }
- void Memory::Erase (void *memory, size_t size)
- {
- burn (memory, size);
- }
-
 void Memory::Zero (void *memory, size_t size)
 {
 memset (memory, 0, size);
diff --git a/src/Platform/Memory.h b/src/Platform/Memory.h
index 2b022dfd..e0d4bfe3 100644
--- a/src/Platform/Memory.h
+++ b/src/Platform/Memory.h
@@ -16,6 +16,7 @@
 #include
 #include
 #include "PlatformBase.h"
+#include "Common/Tcdefs.h"
 #ifdef TC_WINDOWS
@@ -76,7 +77,6 @@ namespace VeraCrypt
 static void *AllocateAligned (size_t size, size_t alignment);
 static int Compare (const void *memory1, size_t size1, const void *memory2, size_t size2);
 static void Copy (void *memoryDestination, const void *memorySource, size_t size);
- static void Erase (void *memory, size_t size);
 static void Free (void *memory);
 static void FreeAligned (void *memory);
 static void Zero (void *memory, size_t size);
diff --git a/src/Platform/StringConverter.cpp b/src/Platform/StringConverter.cpp
index 6975bb39..e1a6df98 100644
--- a/src/Platform/StringConverter.cpp
+++ b/src/Platform/StringConverter.cpp
@@ -233,7 +233,7 @@ namespace VeraCrypt
 str.clear();
 str.insert (0, &buf.front(), size);
- Memory::Erase (&buf.front(), buf.size());
+ burn (&buf.front(), buf.size());
 }
 catch (...)
 {
diff --git a/src/Volume/Keyfile.cpp b/src/Volume/Keyfile.cpp
index d15dc0d7..d171458c 100644
--- a/src/Volume/Keyfile.cpp
+++ b/src/Volume/Keyfile.cpp
@@ -57,7 +57,7 @@ namespace VeraCrypt
 break;
 }
- Memory::Erase (&keyfileData.front(), keyfileData.size());
+ burn (&keyfileData.front(), keyfileData.size());
 goto done;
 }
--
cgit v1.2.3
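Review bot: The added `#include "Common/Tcdefs.h"` in the first Memory.h hunk has no comment saying that it is there to supply `burn` to every file that includes this header, which is what the erase call sites in Buffer.cpp, CoreService.cpp, StringConverter.cpp and Keyfile.cpp now appear to rely on. I would annotate it, for example `#include "Common/Tcdefs.h" // burn(): erase of sensitive memory, needed by users of this header`. The definition of `burn` is outside this diff, so the commit's claim that the erase cannot be optimized away rests on that definition and is worth confirming for the Linux and macOS compilers. SecurityToken.cpp also drops its `#ifndef burn` fallback in this commit, so it needs `burn` from one of its own includes in every build that compiles it.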
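Review bot: In the StringConverter.cpp hunk, `burn (&buf.front(), buf.size());` is the last statement of the try block, so if `str.insert (0, &buf.front(), size);` on the line before throws, control goes to `catch (...)` with `buf` not yet erased. The handler body is outside the hunk and may already erase it; if it does not, repeat `burn (&buf.front(), buf.size());` at the top of the handler. If `buf` is declared inside the try block it is out of scope there, and the erase would have to come from a small scope guard declared right after `buf` instead. The enclosing function starts and ends outside the hunk, so the lifetime of `buf` could not be checked.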