Hi,
2010-01-13 17:12 UTC+0100 Viktor Szakats (harbour.01 syenar.hu)
  + src/rtl/strclear.c
    + Added HB_STRCLEAR() function to safely clear the content
      of a string variable.

I suggest changing the HB_STRCLEAR() code. The current implementation returns
true if hb_itemGetWriteCL() returns true, but that happens whenever pItem is a
string. This is already validated by hb_param( 1, HB_IT_STRING ), so the
return value is not useful. If the purpose of the function is to clear
memory containing sensitive information, the function should return whether
the memory was really cleared. I propose this code (self-test included):

PROC main()
   LOCAL cI, cJ

   cI := "abc"
   ? HB_STRCLEAR(cI)

   cI := "abc"
   ? HB_STRCLEAR(@cI)

   cI := REPLICATE("a", 5)
   cJ := cI
   ? HB_STRCLEAR(@cI)

   cI := REPLICATE("a", 5)
   cJ := cI
   cJ := NIL
   ? HB_STRCLEAR(@cI)
RETURN

#pragma begindump

#include "hbapi.h"
#include "hbapiitm.h"

HB_FUNC( HB_STRCLEAR )
{
   PHB_ITEM pItem = hb_param( 1, HB_IT_STRING );

   /* NOTE: clear RETURN value before calling hb_itemGetWriteCL(),
            it's possible that it contains copy of passed item [druzus] */
   hb_retl( HB_FALSE );

   if( pItem && HB_ISBYREF( 1 ) )
   {
      const char * szPtr;
      char * pBuffer;
      HB_SIZE nSize;

      /* Remember the buffer address before asking for write access */
      szPtr = hb_itemGetCPtr( pItem );
      hb_itemGetWriteCL( pItem, &pBuffer, &nSize );
      memset( pBuffer, '\0', nSize + 1 );

      /* True only if the buffer that was cleared is the original one */
      hb_retl( szPtr == pBuffer );
   }
}

#pragma enddump

In this case HB_STRCLEAR() returns whether the memory was cleared. It prints:

  .F. // Pass by reference is forgotten
  .F. // String data is static (part of PCODE) and cannot be cleared
  .F. // Multiple strings exist
  .T. // OK!

Regards,
Mindaugas
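
The pointer comparison proposed above only works because asking for a writable buffer moves the string to a fresh copy when its data is static or shared. An added example, not part of the original message or of Harbour's source, that models this with a toy reference-counted string; `str_item`, `str_new`, `str_share`, `str_writable` and `str_clear` are hypothetical names and the copy-on-write rule is a simplified assumption:

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of a reference-counted string (hypothetical, not Harbour's types). */
typedef struct {
    char  *buf;   /* string bytes plus terminating NUL */
    size_t len;
    int   *refs;  /* shared counter; NULL marks static, read-only data */
} str_item;

static str_item str_new(const char *text) {
    str_item s = { NULL, strlen(text), malloc(sizeof(int)) };
    s.buf = malloc(s.len + 1);
    memcpy(s.buf, text, s.len + 1);
    *s.refs = 1;
    return s;
}

/* A second variable referring to the same buffer, like cJ := cI. */
static str_item str_share(str_item *s) { ++*s->refs; return *s; }

/* Return a writable buffer, copying first if the data is static or shared. */
static char *str_writable(str_item *s) {
    if (s->refs == NULL || *s->refs > 1) {
        str_item copy = str_new(s->buf);
        if (s->refs) --*s->refs;   /* other holders keep the old buffer */
        *s = copy;
    }
    return s->buf;
}

/* Wipe the string; true only if the original bytes were the ones wiped. */
static bool str_clear(str_item *s) {
    const char *before = s->buf;
    char *w = str_writable(s);
    memset(w, 0, s->len + 1);
    return w == before;   /* pointer moved: a fresh copy was cleared instead */
}

int main(void) {
    /* Constructed sample values, mirroring the self-test in the message. */
    str_item a = str_new("aaaaa"), b = str_share(&a);
    printf("shared: %d, other copy still holds \"%s\"\n", str_clear(&a), b.buf);
    str_item c = str_new("aaaaa");
    printf("unique: %d\n", str_clear(&c));
    return 0;
}
```

In the shared case the variable reads as empty afterwards, yet the original bytes remain in memory through the other reference, which is exactly what a `false` return reports.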