Re: [Harbour] SF.net SVN: harbour-project:[13553] trunk/harbour

Thu, 14 Jan 2010 05:57:05 -0800 

Thanks a lot Mindaugas, I'll include this in next commit.

Brgds,
Viktor 

On 2010 Jan 14, at 14:28, Mindaugas Kavaliauskas wrote:

> Hi,
> 
> 
>> 2010-01-13 17:12 UTC+0100 Viktor Szakats (harbour.01 syenar.hu)
>>  + src/rtl/strclear.c
>>    + Added HB_STRCLEAR() function to safely clear the content       of a 
>> string variable.
> 
> I suggest to change HB_STRCLEAR() code. Current implementation returns true, 
> if hb_itemGetWriteCL() returns true, but it happens if pItem is string. It is 
> already validated by hb_param( 1, HB_IT_STRING ), so, return value is not 
> useful. If the purpose of the function is to clear memory containing 
> sensitive information, the function should return if the memory was really 
> cleared. I propose this code (self test included):
> 
> PROC main()
>  LOCAL cI, cJ
> 
>  cI := "abc"
>  ? HB_STRCLEAR(cI)
> 
>  cI := "abc"
>  ? HB_STRCLEAR(@cI)
> 
>  cI := REPLICATE("a", 5)
>  cJ := cI
>  ? HB_STRCLEAR(@cI)
> 
>  cI := REPLICATE("a", 5)
>  cJ := cI
>  cJ := NIL
>  ? HB_STRCLEAR(@cI)
> RETURN
> 
> #pragma begindump
> #include "hbapi.h"
> #include "hbapiitm.h"
> 
> HB_FUNC( HB_STRCLEAR )
> {
>   PHB_ITEM pItem = hb_param( 1, HB_IT_STRING );
> 
>   /* NOTE: clear RETURN value before calling hb_itemGetWriteCL(),
>            it's possible that it contains copy of passed item [druzus] */
>   hb_retl( HB_FALSE );
> 
>   if( pItem && HB_ISBYREF( 1 ) )
>   {
>      const char * szPtr;
>      char * pBuffer;
>      HB_SIZE nSize;
> 
>      szPtr = hb_itemGetCPtr( pItem );
>      hb_itemGetWriteCL( pItem, &pBuffer, &nSize );
>      memset( pBuffer, '\0', nSize + 1 );
>      hb_retl( szPtr == pBuffer );
>   }
> }
> #pragma enddump
> 
> 
> In this case HB_STRCLEAR() returns, if memory was cleared. It prints:
> .F.     // Pass by reference is forgotten
> .F.     // String data is static (part of PCODE) and can not be cleared
> .F.     // Multiple strings exists
> .T.     // OK!
> 
> 
> Regards,
> Mindaugas
> _______________________________________________
> Harbour mailing list (attachment size limit: 40KB)
> [email protected]
> http://lists.harbour-project.org/mailman/listinfo/harbour

_______________________________________________
Harbour mailing list (attachment size limit: 40KB)
[email protected]
http://lists.harbour-project.org/mailman/listinfo/harbour

Reply via email to