Browse Source

Merge #10308: [wallet] Securely erase potentially sensitive keys/values

6c914ac [wallet] Securely erase potentially sensitive keys/values (Thomas Snider)

Tree-SHA512: 071d88c4093108d4e4eced35a6ffcebe3f499798194f5b1be661ffa5b78b5f55311667f6d2a72758d85290f61f958381ee95d380b9045ca18e9e1875f0e686c8
tags/v0.15.1
Wladimir J. van der Laan 4 years ago
parent
commit
94e52273f3
No account linked to committer's email address
2 changed files with 23 additions and 21 deletions
  1. 1
    0
      src/support/cleanse.h
  2. 22
    21
      src/wallet/db.h

+ 1
- 0
src/support/cleanse.h View File

@@ -8,6 +8,7 @@

#include <stdlib.h>

// Attempt to overwrite data in the specified memory span.
void memory_cleanse(void *ptr, size_t len);

#endif // BITCOIN_SUPPORT_CLEANSE_H

+ 22
- 21
src/wallet/db.h View File

@@ -180,22 +180,23 @@ public:
Dbt datValue;
datValue.set_flags(DB_DBT_MALLOC);
int ret = pdb->get(activeTxn, &datKey, &datValue, 0);
memset(datKey.get_data(), 0, datKey.get_size());
if (datValue.get_data() == NULL)
return false;

// Unserialize value
try {
CDataStream ssValue((char*)datValue.get_data(), (char*)datValue.get_data() + datValue.get_size(), SER_DISK, CLIENT_VERSION);
ssValue >> value;
} catch (const std::exception&) {
return false;
memory_cleanse(datKey.get_data(), datKey.get_size());
bool success = false;
if (datValue.get_data() != NULL) {
// Unserialize value
try {
CDataStream ssValue((char*)datValue.get_data(), (char*)datValue.get_data() + datValue.get_size(), SER_DISK, CLIENT_VERSION);
ssValue >> value;
success = true;
} catch (const std::exception&) {
// In this case success remains 'false'
}

// Clear and free memory
memory_cleanse(datValue.get_data(), datValue.get_size());
free(datValue.get_data());
}

// Clear and free memory
memset(datValue.get_data(), 0, datValue.get_size());
free(datValue.get_data());
return (ret == 0);
return ret == 0 && success;
}

template <typename K, typename T>
@@ -222,8 +223,8 @@ public:
int ret = pdb->put(activeTxn, &datKey, &datValue, (fOverwrite ? 0 : DB_NOOVERWRITE));

// Clear memory in case it was a private key
memset(datKey.get_data(), 0, datKey.get_size());
memset(datValue.get_data(), 0, datValue.get_size());
memory_cleanse(datKey.get_data(), datKey.get_size());
memory_cleanse(datValue.get_data(), datValue.get_size());
return (ret == 0);
}

@@ -245,7 +246,7 @@ public:
int ret = pdb->del(activeTxn, &datKey, 0);

// Clear memory
memset(datKey.get_data(), 0, datKey.get_size());
memory_cleanse(datKey.get_data(), datKey.get_size());
return (ret == 0 || ret == DB_NOTFOUND);
}

@@ -265,7 +266,7 @@ public:
int ret = pdb->exists(activeTxn, &datKey, 0);

// Clear memory
memset(datKey.get_data(), 0, datKey.get_size());
memory_cleanse(datKey.get_data(), datKey.get_size());
return (ret == 0);
}

@@ -308,8 +309,8 @@ public:
ssValue.write((char*)datValue.get_data(), datValue.get_size());

// Clear and free memory
memset(datKey.get_data(), 0, datKey.get_size());
memset(datValue.get_data(), 0, datValue.get_size());
memory_cleanse(datKey.get_data(), datKey.get_size());
memory_cleanse(datValue.get_data(), datValue.get_size());
free(datKey.get_data());
free(datValue.get_data());
return 0;

Loading…
Cancel
Save