Thanks for the reminder about "volatile." It is an ancient and valuable feature of C and I suppose it's implemented correctly under gcc and some of the Windoze compilers even with high optimization options like -O2.From: "Trei, Peter" <[EMAIL PROTECTED]> [Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile" keyword is for. Unfortunately, not everyone writing in C knows the language. --Perry]
Everybody probably also knows about the gnupg trick, where they define a recursive routine called "burn_stack":>From RISKS: http://catless.ncl.ac.uk/Risks/22.35.html#subj6Those of us who write code need to be reminded of this now and then.
static void
burn_stack (int bytes)
{
char buf[64];
memset (buf, 0, sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
burn_stack (bytes);
}
Then there's the vararg technique discussed in Michael Welschenbach's book "Cryptography in C and C++":
static void purgevars_l (int noofvars, ...)
{
va_list ap;
size_t size;
va_start (ap, noofvars);
for (; noofvars > 0; --noofvars)
{
switch (size = va_arg (ap, size_t))
{
case 1: *va_arg (ap, char *) = 0;
break;
case 2: *va_arg (ap, short *) = 0;
break;
case 4: *va_arg (ap, long *) = 0;
break;
default:
memset (va_arg(ap, char *), 0, size);
}
}
va_end (ap);
}
Here's an example of how you might call the routine:
purgevars_l(2, sizeof (la), &la,
sizeof (lb), &lb);
But hey, if "volatile" keyword works then so much the better. I would recommend examining the assembly language output of your compiler to verify that it honours "volatile."
-- Patrick
http://fexl.com
