I found something relevant to the question at [1], but it is Boost-specific due to the age of the post (C++11 had not matured by that point). Otherwise, I'm looking for a secure std::string typedef of the sort below that zeroes itself upon de-allocation.

typedef std::basic_string<char, std::char_traits<char>, SecureStr<char>> string;

[1] - How does one securely clear std::string?

Would anyone know of good examples? The code must also NOT be optimized away on compilation, which would compromise the security of the application. I know this can be quite the problem without good use of APIs into the O/S and/or compiler.

Phobos D'thorga
  • You might want to poke around http://crypto.stackexchange.com/. I don't think this is a good question to pose there (check http://crypto.stackexchange.com/help/on-topic to make sure) but you might find some leads. – user4581301 Jun 02 '16 at 00:46

1 Answer

The accepted answer in the question you linked doesn't appear to be Boost-specific; it doesn't even mention Boost. It's a custom allocator for use with std::basic_string.

However, it mentions that depending on the implementation of basic_string, the allocator may not actually be invoked; basic_string may have space to store small strings internally without having to do a separate allocation. So instantiating basic_string with a custom allocator is not enough: you also need to zero the memory of the string object itself, in addition to any buffers it may have allocated.

One way to do that would be to use a unique_ptr constructed with a custom deleter function. unique_ptr doesn't deal with allocators directly, but you could allocate storage for a basic_string using your custom allocator, then construct a unique_ptr to it with a deleter that also delegates to the custom allocator.

BTW, you're just looking at zeroing memory when you're done with it, but another thing to be concerned about is the possibility that the sensitive data gets paged out to disk. Operating systems provide (non-portable) APIs for locking small amounts of data in RAM so it won't be paged out; you might want to take advantage of those features in your custom allocator.

Wyzard
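The allocator-plus-wrapper design the answer describes, written out as an added example (this is not code from the question, the linked post or the answerer). It assumes the allocator name `SecureStr` from the question, uses a volatile-store loop as the "not optimized away" zeroing primitive (explicit_bzero, memset_s or SecureZeroMemory are the platform alternatives), and treats mlock/munlock as best-effort on POSIX systems. `destroy_and_wipe` is the step the allocator alone cannot provide: it destroys the string and then zeroes the object's own bytes, which is where short strings live under SSO. The helper names (`secure_zero`, `destroy_and_wipe`, `make_secure_string`, the check functions) are this example's own.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <memory>
#include <new>
#include <string>
#if defined(__unix__) || defined(__APPLE__)
#include <sys/mman.h>   // mlock/munlock: keep secrets out of swap (POSIX, non-portable)
#endif

// Zero n bytes through a volatile pointer. A plain memset right before free() is
// dead-store-eliminated by every major optimizer; volatile stores must be emitted.
static void secure_zero(void *p, std::size_t n) noexcept {
    volatile unsigned char *vp = static_cast<volatile unsigned char *>(p);
    while (n--) { *vp++ = 0; }
}

// Minimal C++11 allocator (name taken from the question): every buffer it hands
// back is zeroed first. allocator_traits supplies the rest of the interface.
template <class T>
struct SecureStr {
    using value_type = T;
    SecureStr() noexcept = default;
    template <class U> SecureStr(const SecureStr<U> &) noexcept {}

    T *allocate(std::size_t n) {
        void *p = ::operator new(n * sizeof(T));
#if defined(__unix__) || defined(__APPLE__)
        // Best effort only: mlock fails under RLIMIT_MEMLOCK. A hardened build should
        // treat that as fatal instead of ignoring it as this example does.
        (void)::mlock(p, n * sizeof(T));
#endif
        return static_cast<T *>(p);
    }
    void deallocate(T *p, std::size_t n) noexcept {
        secure_zero(p, n * sizeof(T));
#if defined(__unix__) || defined(__APPLE__)
        (void)::munlock(p, n * sizeof(T));  // caveat: unlocks whole pages, not just this buffer
#endif
        ::operator delete(p);
    }
    template <class U> bool operator==(const SecureStr<U> &) const noexcept { return true; }
    template <class U> bool operator!=(const SecureStr<U> &) const noexcept { return false; }
};

using secure_string = std::basic_string<char, std::char_traits<char>, SecureStr<char>>;

// Destroy the string (heap buffer, if any, is zeroed by SecureStr::deallocate) and
// then wipe the object itself, which holds the SSO buffer and stale pointers/lengths.
static void destroy_and_wipe(secure_string *s) noexcept {
    s->~secure_string();
    secure_zero(static_cast<void *>(s), sizeof(secure_string));
}

// unique_ptr deleter: same two steps, then release the object's storage.
struct SecureStringDeleter {
    void operator()(secure_string *s) const noexcept {
        destroy_and_wipe(s);
        ::operator delete(s);
    }
};
using secure_string_ptr = std::unique_ptr<secure_string, SecureStringDeleter>;

static secure_string_ptr make_secure_string(const char *s) {
    return secure_string_ptr(new secure_string(s));
}

// --- checks --------------------------------------------------------------------

static bool all_zero(const unsigned char *p, std::size_t n) noexcept {
    return std::all_of(p, p + n, [](unsigned char b) { return b == 0; });
}

static bool secure_zero_works() {
    unsigned char buf[32];
    std::memset(buf, 0xAA, sizeof buf);
    secure_zero(buf, sizeof buf);
    return all_zero(buf, sizeof buf);
}

// Place a short (SSO-sized) string in caller-owned storage, destroy it with
// destroy_and_wipe, and report whether every byte of that storage is now zero.
// Inspecting the storage afterwards is legal: the array, not the string, owns it.
static bool sso_residue_cleared(const char *secret) {
    alignas(secure_string) unsigned char storage[sizeof(secure_string)];
    secure_string *s = new (storage) secure_string(secret);
    const bool sane = (*s == secret);
    destroy_and_wipe(s);
    return sane && all_zero(storage, sizeof storage);
}

// Long strings take the heap path; the buffer is zeroed inside deallocate() when the
// unique_ptr dies. Only the round trip is observable (reading freed memory is UB).
static bool heap_roundtrip(const char *secret) {
    secure_string_ptr p = make_secure_string(secret);
    return p->size() == std::strlen(secret) && *p == secret;
}

int main() {
    return (secure_zero_works() && sso_residue_cleared("hunter2") &&
            heap_roundtrip("a constructed secret long enough to force a heap allocation")) ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind. First, the wipe only covers copies this allocator and deleter control: any conversion to a plain std::string, a `c_str()` result copied into a stack buffer, or a temporary created by a library that uses std::allocator is outside its reach. Second, munlock works on whole pages, so unlocking one buffer can unlock a neighbouring locked allocation that shares the page; a production implementation usually pools locked pages rather than locking per allocation.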