make defense-in-depth memsets work in spite of compilers
|Reported by:||nickm_mobile||Owned by:|
|Actual Points:||Parent ID:|
In many places in our code, we memset things to zero before leaving a function or freeing memory, in an attempt to limit the damage that could be done by a postfacto information leak. But it appears that compilers like to "helpfully" optimize these out.
I've verified that the Llvm-gcc from the latest OSX does this; I haven't yet had time to check vanilla gccs yet.
Obviously, we should fix this. It is not a vulnerability per se, but if there are information leaks from memory, it could make their impact worse than they would be otherwise. It seems like an 024 issue but I could be persuaded otherwise.
Andrey Karpov pointed this out in a recent article, but I can't realistically copy links on this phone.
Next steps: look at actual compiler output from more compilers; identify portable or platform-specific memset replacements that won't get optimized out
Change History (7)
comment:2 Changed 2 years ago by arma
- Summary changed from make defensein-depth memsets work in spite of compilers to make defense-in-depth memsets work in spite of compilers