From 443a056955fcf68352c204869279b60c06dccd0b Mon Sep 17 00:00:00 2001 From: Stefan Walter Date: Sat, 8 Aug 2009 02:06:17 +0000 Subject: [PATCH] [egg] Function for clearing secure memory. Added egg_secure_clear() and fine tuned egg_secure_strclear(). --- egg/egg-secure-memory.c | 26 ++++++++++++++++---------- egg/egg-secure-memory.h | 2 ++ egg/tests/unit-test-secmem.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 10 deletions(-) diff --git a/egg/egg-secure-memory.c b/egg/egg-secure-memory.c index 36c4e6a..3e48b0b 100644 --- a/egg/egg-secure-memory.c +++ b/egg/egg-secure-memory.c @@ -1197,21 +1197,27 @@ egg_secure_strdup (const char *str) } void -egg_secure_strclear (char *str) +egg_secure_clear (void *p, size_t length) { volatile char *vp; - size_t len; - if (!str) + if (p == NULL) return; - vp = (volatile char*)str; - len = strlen (str); - while (len) { - *vp = 0xAA; - vp++; - len--; - } + vp = (volatile char*)p; + while (length) { + *vp = 0xAA; + vp++; + length--; + } +} + +void +egg_secure_strclear (char *str) +{ + if (!str) + return; + egg_secure_clear ((unsigned char*)str, strlen (str)); } void diff --git a/egg/egg-secure-memory.h b/egg/egg-secure-memory.h index 7e23f40..6d412cd 100644 --- a/egg/egg-secure-memory.h +++ b/egg/egg-secure-memory.h @@ -76,6 +76,8 @@ void egg_secure_free (void* p); void egg_secure_free_full (void* p, int fallback); +void egg_secure_clear (void *p, size_t length); + int egg_secure_check (const void* p); void egg_secure_validate (void); diff --git a/egg/tests/unit-test-secmem.c b/egg/tests/unit-test-secmem.c index c3ce17d..e914986 100644 --- a/egg/tests/unit-test-secmem.c +++ b/egg/tests/unit-test-secmem.c @@ -204,3 +204,34 @@ DEFINE_TEST(secmem_multialloc) egg_secure_warnings = 1; } + +DEFINE_TEST(secmem_clear) +{ + gpointer p; + + p = egg_secure_alloc_full (188, 0); + g_assert (p != NULL); + memset (p, 0x89, 188); + g_assert (memchr (p, 0x89, 188) == p); + + egg_secure_clear (p, 188); + g_assert (memchr (p, 0x89, 188) == NULL); + + egg_secure_free_full (p, 0); +} + +DEFINE_TEST(secmem_strclear) +{ + gchar *str; + + str = egg_secure_strdup ("secret"); + g_assert (str != NULL); + g_assert_cmpuint (strlen (str), ==, 6); + g_assert (strchr (str, 't') == str + 6); + + egg_secure_strclear (str); + g_assert_cmpuint (strlen (str), ==, 6); + g_assert (strchr (str, 't') == NULL); + + egg_secure_free_full (str, 0); +} -- 2.7.4