On Thursday, October 18, 2018 4:00:10 PM CEST Daniel Stenberg via curl-library wrote: > On Wed, 17 Oct 2018, Gabriel Zachmann wrote: > >> This, plus zeroing buffers is really hard. > > > > I understand that this is not quite easy. However, while we won't find an > > optimal solution, I think we can do better. Zeroing memory might not > > succeed in all cases and there might be still some parts left on the > > stack, register, etc. But I think we can still memsetting most and it > > will be much harder to get sensitive information. > > Any suggestion on how to do this and make sure the compiler doesn't remove > the memset() ? > > Also, are you suggesting we clear the memory for all frees? If yes, then we > need to keep track of the sizes somehow and if no, then we need to figure > out which ones and deal with the appropriately.
It sounds like overkill to me. Clearing all memory to be freed all the time would have severe performance impact for no real benefit. Kamil > Can we come up with a way to measure this if we are doing this right or not? ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
