[fpc-pascal] Processing passwords etc.

Mark Morgan Lloyd markMLl.fpc-pascal at telemetry.co.uk
Fri Apr 11 21:39:15 CEST 2014


waldo kitty wrote:
> On 4/11/2014 5:03 AM, Michael Van Canneyt wrote:
>> The main point is that in FPC you can install a memory manager that 
>> wipes out
>> any memory when getting or releasing it, if you want to make your 
>> software more
>> secure that way.
> 
> how would one go about doing this? i learned in my TP3/6 days to use 
> fillchar on everything to ensure that it was filled with 0x00... 
> especially my data files... when looking at them with a hex editor, my 
> OCD would hit strongly because the data file was "not clean and holding 
> only my data"...

The ideal is to overwrite sensitive data with random bytes, since even 
the length of a zero block can be useful to an attacker.

> i don't know how one would go about cleaning released memory as someone 
> else asked about (eg: extending an array or string or etc)... once the 
> memory is released, it is no longer accessible, right?

But since the deallocated memory is going to a local heap, sooner or 
later you're likely to get that back as a new block. That, as I 
understand it, is what happened in OpenSSL.

The worst case would be if a cautious programmer zeroed everything that 
he was freeing explicitly, without realising that any strings he 
extended were going back into the heap intact so now stood out like a 
sore thumb. Anybody who was able to inspect the heap would see only 
strings that had subsequently been expanded:

     password := getFromUser();          // Probably about 7 chars
     password += #$00 + systemName();    // Leaves password on heap
     saveToDB(Tiger2(password));
     zeroString(password)                // Length doesn't change
   end;                                  // Zeroed block freed to heap

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
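
Added example, not part of the original post or of the FPC sources: one way to build the wiping memory manager mentioned in the quoted text, by wrapping the RTL's current manager with `GetMemoryManager`/`SetMemoryManager` so that released blocks, including the old copy left behind when a string grows, are cleared first. It zero-fills for simplicity rather than writing the random bytes the post prefers; the program name, the `Wiping*` function names, the counter and the sample password and host name are assumptions made for illustration.

```pascal
program WipeOnFree;
{$mode objfpc}{$H+}
var
  OldMM, NewMM: TMemoryManager;
  WipedBytes: PtrUInt = 0;      // demo counter only, not thread-safe
  password: AnsiString;
// Zero the whole usable block before the original manager gets it back.
function WipingFreeMem(p: Pointer): PtrUInt;
begin
  if p <> nil then
  begin
    FillChar(p^, OldMM.MemSize(p), 0);
    Inc(WipedBytes, OldMM.MemSize(p));
  end;
  Result := OldMM.FreeMem(p);
end;

function WipingFreeMemSize(p: Pointer; Size: PtrUInt): PtrUInt;
begin
  Result := WipingFreeMem(p);
end;

// Never resize in place: allocate, copy, then wipe and free the old block.
function WipingReAllocMem(var p: Pointer; Size: PtrUInt): Pointer;
var q: Pointer; n: PtrUInt;
begin
  q := nil; n := 0;
  if Size > 0 then q := OldMM.GetMem(Size);
  if (Size > 0) and (q = nil) then Exit(nil);   // failed: leave p untouched
  if p <> nil then n := OldMM.MemSize(p);
  if n > Size then n := Size;
  if n > 0 then Move(p^, q^, n);
  WipingFreeMem(p);
  p := q;
  Result := q;
end;

begin
  GetMemoryManager(OldMM);
  NewMM := OldMM;
  NewMM.FreeMem := @WipingFreeMem;
  NewMM.FreeMemSize := @WipingFreeMemSize;
  NewMM.ReAllocMem := @WipingReAllocMem;
  SetMemoryManager(NewMM);
  password := 'hunter2';                        // constructed sample value
  UniqueString(password);                       // copy the constant to the heap
  password := password + #0 + 'examplehost';    // old short block is released
  WriteLn('bytes wiped on release: ', WipedBytes);
end.
```

The hooks only cover blocks that pass through FPC's memory manager, so stack buffers and copies made outside the RTL heap are not cleared, and the manager has to be installed before any secret is read.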


