My program needs to sometime temporarely load some sensitive text content into an std::string variable. It is undesirable to keep this content in memory when it is not needed anymore. Am I correct thinking that when a string is explicitly cleared by calling clear(), swapped with an empty string or just gone out of scope, the memory allocated for the string content will be reclaimed(become available for other stuff), but the actual data may still exist inside this memory area? If I want to really remove the data from memory, should I explicitly override every string[n] element with, let's say, \0?
Asked
Active
Viewed 230 times
1
Alexey104
- 969
- 1
- 5
- 17
-
1All of the above link - plus - it's probably already too late as the attacker has had ages to read the string data before you "securely erase it". Are you stopping debuggers and memory snapshot attacks ? – Richard Critten Oct 07 '21 at 19:40
-
1However you decide to securely clear the memory after you're done with it, I would recommend using your own string-like class instead of `std::string` or at least `std::basic_string` with your own allocator which can guarantee that this cleanup always occurs. If you are using `std::string` directly you may accidentally leak the information when you forget to perform the cleanup, or if the cleanup is skipped for example during stack unwinding. – François Andrieux Oct 07 '21 at 19:45
-
@RichardCritten, No, I just want to store clipboard content in a string, but the content may be a password manager data, for example, and I don't want this data to sit in memory when it is not needed anymore. – Alexey104 Oct 07 '21 at 19:51
-
@FrançoisAndrieux `basic_string` allows small string optimization, which may not use the allocator, thus leaking your information. – Aykhan Hagverdili Oct 07 '21 at 20:10