Merge pull request #1992 from Diapolo/no_memset

don't use memset() in privacy/security relevant code parts
12 years ago · 91cee34638
6 changed files with 15 additions and 18 deletions
--- a/src/allocators.h
+++ b/src/allocators.h
@ -9,6 +9,7 @@
 #include <string>
 #include <boost/thread/mutex.hpp>
 #include <map>
 #include <openssl/crypto.h> // for OPENSSL_cleanse()
 #ifdef WIN32
 #ifdef _WIN32_WINNT
@ -212,7 +213,7 @@ struct secure_allocator : public std::allocator<T>
    {
        if (p != NULL)
        {
-            memset(p, 0, sizeof(T) * n);
+            OPENSSL_cleanse(p, sizeof(T) * n);
            LockedPageManager::instance.UnlockRange(p, sizeof(T) * n);
        }
        std::allocator<T>::deallocate(p, n);
@ -246,7 +247,7 @@ struct zero_after_free_allocator : public std::allocator<T>
    void deallocate(T* p, std::size_t n)
    {
        if (p != NULL)
-            memset(p, 0, sizeof(T) * n);
+            OPENSSL_cleanse(p, sizeof(T) * n);
        std::allocator<T>::deallocate(p, n);
    }
 };
--- a/src/base58.h
+++ b/src/base58.h
@ -17,9 +17,11 @@
 #include <string>
 #include <vector>
 #include "bignum.h"
 #include "key.h"
 #include "script.h"
 #include "allocators.h"
 static const char* pszBase58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
@ -178,7 +180,8 @@ protected:
    unsigned char nVersion;
    // the actually encoded data
-    std::vector<unsigned char> vchData;
+    typedef std::vector<unsigned char, zero_after_free_allocator<unsigned char> > vector_uchar;
    vector_uchar vchData;
    CBase58Data()
    {
@ -186,13 +189,6 @@ protected:
        vchData.clear();
    }
    ~CBase58Data()
    {
        // zero the memory, as it may contain sensitive data
        if (!vchData.empty())
            memset(&vchData[0], 0, vchData.size());
    }
    void SetData(int nVersionIn, const void* pdata, size_t nSize)
    {
        nVersion = nVersionIn;
@ -221,7 +217,7 @@ public:
        vchData.resize(vchTemp.size() - 1);
        if (!vchData.empty())
            memcpy(&vchData[0], &vchTemp[1], vchData.size());
-        memset(&vchTemp[0], 0, vchTemp.size());
+        OPENSSL_cleanse(&vchTemp[0], vchData.size());
        return true;
    }
@ -457,4 +453,4 @@ public:
    }
 };
-#endif
+#endif // BITCOIN_BASE58_H
--- a/src/crypter.cpp
+++ b/src/crypter.cpp
@ -24,8 +24,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
    if (i != (int)WALLET_CRYPTO_KEY_SIZE)
    {
-        memset(&chKey, 0, sizeof chKey);
+        OPENSSL_cleanse(chKey, sizeof(chKey));
-        memset(&chIV, 0, sizeof chIV);
+        OPENSSL_cleanse(chIV, sizeof(chIV));
        return false;
    }
--- a/src/crypter.h
+++ b/src/crypter.h
@ -76,8 +76,8 @@ public:
    void CleanKey()
    {
-        memset(&chKey, 0, sizeof chKey);
+        OPENSSL_cleanse(chKey, sizeof(chKey));
-        memset(&chIV, 0, sizeof chIV);
+        OPENSSL_cleanse(chIV, sizeof(chIV));
        fKeySet = false;
    }
--- a/src/netbase.cpp
+++ b/src/netbase.cpp
@ -545,7 +545,7 @@ bool ConnectSocketByName(CService &addr, SOCKET& hSocketRet, const char *pszDest
 void CNetAddr::Init()
 {
-    memset(ip, 0, 16);
+    memset(ip, 0, sizeof(ip));
 }
 void CNetAddr::SetIP(const CNetAddr& ipIn)
--- a/src/util.cpp
+++ b/src/util.cpp
@ -156,7 +156,7 @@ void RandAddSeedPerfmon()
    if (ret == ERROR_SUCCESS)
    {
        RAND_add(pdata, nSize, nSize/100.0);
-        memset(pdata, 0, nSize);
+        OPENSSL_cleanse(pdata, nSize);
        printf("RandAddSeed() %lu bytes\n", nSize);
    }
 #endif