
I would like to securely clear (in the simple case, setting the contents to zeros) sensitive information from memory stored by std::string and std::vector elements. My vector can also contain primitive types (like std::vector) so I guess it would be more convenient to do the clearing of all contained elements inside the destructor of the vector, because primitive types don't have destructors. I can't override the std::string and std::vector classes with inheritance because those types are not designed for that (no virtual destructor, etc.). Is there any other way? I found some posts about automatic clearing of std::string, but the sample implementations there were all incomplete. Currently I clear my objects by manually setting their contents to zeros when I have finished using the object, but that is very tedious.

Edit: Clearing memory in this way is also not secure, as C++ containers could allocate/deallocate memory during some operations. That's why using allocators (described in a similar question) could be the only way to do that, at least for longer strings where SSO (Short String Optimization) is not used.

jozols
  • you could just iterate over the vector and set the elements to like 0 before deleting it. – Hayt Oct 20 '16 at 11:24
  • @Hayt the compiler is allowed to elide such assignments due to the as-if rule. More [here](http://www.viva64.com/en/w/V597/) – krzaq Oct 20 '16 at 11:25
  • @Hayt Will probably get optimized away. – Baum mit Augen Oct 20 '16 at 11:26
  • Oh wow. But the link from @krzaq also has a link to an article in it with a possible solution :) – Hayt Oct 20 '16 at 11:28
  • Same allocator trick also works for `vector`. – Baum mit Augen Oct 20 '16 at 11:28
  • @BaummitAugen I'd rather write a recursive-like template function to cover cases like string's SSO. – krzaq Oct 20 '16 at 11:31
  • Ib4 *"I found some posts with std::string automatic clearing but sample implementations there were all incomplete."* That does not make the question not a dupe. If the dupe needs better answers, offer a bounty with your reason (requires some rep, but not much) to attract more answers. – Baum mit Augen Oct 20 '16 at 11:31
  • @krzaq I'm not judging the answer of the dupe; if you can write a better one, give us the great content and get your well deserved rep for it. :) – Baum mit Augen Oct 20 '16 at 11:33
  • If you really want this functionality, you can create your own template class. This template would aggregate the other type and provide a memory clean-up function, which would be implemented in template specializations for the types you use. – foxfireee Oct 20 '16 at 11:35
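The allocator approach raised in the edit and in the comments, as an added worked example that is not code from the question or from any commenter: a minimal C++11 allocator whose deallocate() overwrites the block through a volatile pointer before handing it back to the heap, plugged into std::basic_string and std::vector, plus a small wrapper that also wipes the in-object bytes a short string keeps under SSO (the case the allocator alone cannot see). The names secure_zero, wiping_allocator, wiped, secure_string, secure_vector and the g_bytes_wiped counter are assumptions chosen for this example; the counter exists only so the demo can report how much was wiped.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <string>
#include <utility>
#include <vector>

// Bytes the allocator has wiped so far (demo bookkeeping only; assumed name).
static std::size_t g_bytes_wiped = 0;

// Overwrite through a volatile pointer so the compiler cannot drop the stores
// under the as-if rule (a plain memset right before a free() may be elided).
inline void secure_zero(void* p, std::size_t n) noexcept {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

// Minimal C++11 allocator: every block is wiped before it is returned to the heap.
// Because containers reallocate through this allocator, a buffer abandoned by a
// grow operation is wiped too, not just the final one.
template <class T>
struct wiping_allocator {
    using value_type = T;
    wiping_allocator() noexcept = default;
    template <class U> wiping_allocator(const wiping_allocator<U>&) noexcept {}

    T* allocate(std::size_t n) {
        if (n > SIZE_MAX / sizeof(T)) throw std::bad_alloc();
        return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    void deallocate(T* p, std::size_t n) noexcept {
        secure_zero(p, n * sizeof(T));
        g_bytes_wiped += n * sizeof(T);
        ::operator delete(p);
    }
};
template <class T, class U>
bool operator==(const wiping_allocator<T>&, const wiping_allocator<U>&) noexcept { return true; }
template <class T, class U>
bool operator!=(const wiping_allocator<T>&, const wiping_allocator<U>&) noexcept { return false; }

using secure_string = std::basic_string<char, std::char_traits<char>, wiping_allocator<char>>;
template <class T> using secure_vector = std::vector<T, wiping_allocator<T>>;

// The allocator only sees heap blocks. A short std::string keeps its characters
// inside the object (SSO), so this wrapper builds T in raw storage it owns, runs
// T's destructor explicitly, and then wipes the whole object footprint.
template <class T>
class wiped {
    alignas(T) unsigned char storage_[sizeof(T)];
    T* ptr() noexcept { return reinterpret_cast<T*>(storage_); }
public:
    template <class... Args>
    explicit wiped(Args&&... args) {
        ::new (static_cast<void*>(storage_)) T(std::forward<Args>(args)...);
    }
    wiped(const wiped&) = delete;
    wiped& operator=(const wiped&) = delete;
    ~wiped() {
        ptr()->~T();
        secure_zero(storage_, sizeof(T));
    }
    T& get() noexcept { return *ptr(); }
    T* operator->() noexcept { return ptr(); }
};

// Self-check: secure_zero really clears a buffer that was holding data.
bool secure_zero_clears(std::size_t n) {
    std::vector<unsigned char> buf(n, 0xA5);
    secure_zero(buf.data(), buf.size());
    for (unsigned char b : buf) if (b != 0) return false;
    return true;
}

// Demo: a password of password_len chars and a key of key_words 32-bit words go
// out of scope; returns how many heap bytes the allocator wiped in the process.
std::size_t bytes_wiped_by(std::size_t password_len, std::size_t key_words) {
    g_bytes_wiped = 0;
    {
        wiped<secure_string> pw(password_len, 'p');               // heap-backed once above the SSO limit
        wiped<secure_vector<std::uint32_t>> key(key_words, 0xDEADBEEFu);
        pw->push_back('!');                                       // may reallocate: old block is wiped too
        (void)key.get().size();
    }
    return g_bytes_wiped;
}
```

With a library that uses SSO, bytes_wiped_by(2, 0) reports nothing because a two-character string never reaches the allocator; the wiped<> wrapper is what covers those bytes. The volatile loop is the portable fallback; where the platform provides memset_s or explicit_bzero, those serve the same purpose.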

1 Answer


No, the irony is that object-oriented design is supposed to support exactly that sort of thing. In reality it doesn't work.

However, what you can do is overload the new / delete operators to call mymalloc() and myshreddingfree(), with myshreddingfree written so as to wipe the block being freed (so you'll need mymalloc to tag it with a size). It's a bit fiddly, but something C++ allows.

Malcolm McLean
  • I guess you mean overloading new/delete globally. But that would be a huge overhead. I can't do a secure wipe for every deallocation where it's not necessary. – jozols Oct 20 '16 at 11:34
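The answer's scheme, as an added example and not the answerer's code: a size-tagging mymalloc / myshreddingfree pair, and a class-scope operator new / operator delete that routes only chosen types through it, so the rest of the program keeps the normal allocator and the global-overhead objection in the comment does not apply. The names block_header, shredded_on_delete, session_key and the g_shredded_bytes counter are assumptions made for this example; the counter exists only so the demo can report what was wiped.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>

// Bytes shredded so far (demo bookkeeping only; assumed name).
static std::size_t g_shredded_bytes = 0;

// Overwrite through a volatile pointer so the stores survive optimisation.
inline void secure_zero(void* p, std::size_t n) noexcept {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

// Header placed in front of each block so the freeing side knows how much to wipe.
// Padded to max_align_t so the payload that follows is suitably aligned for any type.
struct alignas(alignof(std::max_align_t)) block_header {
    std::size_t size;
};

// mymalloc from the answer: allocate header + payload, record the size, return the payload.
void* mymalloc(std::size_t n) {
    void* raw = std::malloc(sizeof(block_header) + n);
    if (raw == nullptr) throw std::bad_alloc();
    static_cast<block_header*>(raw)->size = n;
    return static_cast<unsigned char*>(raw) + sizeof(block_header);
}

// myshreddingfree from the answer: read the size back, wipe payload and header, then free.
void myshreddingfree(void* p) noexcept {
    if (p == nullptr) return;
    block_header* hdr = reinterpret_cast<block_header*>(
        static_cast<unsigned char*>(p) - sizeof(block_header));
    const std::size_t n = hdr->size;
    secure_zero(p, n);
    secure_zero(hdr, sizeof(block_header));
    g_shredded_bytes += n;
    std::free(hdr);
}

// Opt-in base class: only types derived from it take the shredding path; every
// other allocation in the program keeps the cheaper global operator new.
struct shredded_on_delete {
    static void* operator new(std::size_t n) { return mymalloc(n); }
    static void* operator new[](std::size_t n) { return mymalloc(n); }
    static void operator delete(void* p) noexcept { myshreddingfree(p); }
    static void operator delete[](void* p) noexcept { myshreddingfree(p); }
};

// Example secret-holding type: 32 key bytes, wiped when the object is deleted.
struct session_key : shredded_on_delete {
    unsigned char bytes[32];
    session_key() { std::memset(bytes, 0, sizeof bytes); }
    void fill(unsigned char v) { std::memset(bytes, v, sizeof bytes); }
};

// Demo: one single object and one array of three; returns the total bytes shredded.
std::size_t shred_demo() {
    g_shredded_bytes = 0;
    session_key* k = new session_key;
    k->fill(0x5A);
    delete k;                          // class-scope operator delete wipes 32 bytes

    session_key* ring = new session_key[3];
    for (int i = 0; i < 3; ++i) ring[i].fill(static_cast<unsigned char>(0x10 + i));
    delete[] ring;                     // wipes at least 3 * 32 bytes
    return g_shredded_bytes;
}
```

Note that this covers only objects allocated with new, not the internal buffers of a std::string or std::vector member, which go through the container's allocator; the two mechanisms are complementary rather than alternatives.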