[wallet] Securely erase potentially sensitive keys/values

This commit is contained in:
Thomas Snider 2017-03-23 14:07:51 -07:00
parent e2b99b1313
commit 6c914ac176
2 changed files with 22 additions and 20 deletions

View file

@ -8,6 +8,7 @@
#include <stdlib.h> #include <stdlib.h>
// Attempt to overwrite data in the specified memory span.
void memory_cleanse(void *ptr, size_t len); void memory_cleanse(void *ptr, size_t len);
#endif // BITCOIN_SUPPORT_CLEANSE_H #endif // BITCOIN_SUPPORT_CLEANSE_H

View file

@ -180,22 +180,23 @@ public:
Dbt datValue; Dbt datValue;
datValue.set_flags(DB_DBT_MALLOC); datValue.set_flags(DB_DBT_MALLOC);
int ret = pdb->get(activeTxn, &datKey, &datValue, 0); int ret = pdb->get(activeTxn, &datKey, &datValue, 0);
memset(datKey.get_data(), 0, datKey.get_size()); memory_cleanse(datKey.get_data(), datKey.get_size());
if (datValue.get_data() == NULL) bool success = false;
return false; if (datValue.get_data() != NULL) {
// Unserialize value // Unserialize value
try { try {
CDataStream ssValue((char*)datValue.get_data(), (char*)datValue.get_data() + datValue.get_size(), SER_DISK, CLIENT_VERSION); CDataStream ssValue((char*)datValue.get_data(), (char*)datValue.get_data() + datValue.get_size(), SER_DISK, CLIENT_VERSION);
ssValue >> value; ssValue >> value;
success = true;
} catch (const std::exception&) { } catch (const std::exception&) {
return false; // In this case success remains 'false'
} }
// Clear and free memory // Clear and free memory
memset(datValue.get_data(), 0, datValue.get_size()); memory_cleanse(datValue.get_data(), datValue.get_size());
free(datValue.get_data()); free(datValue.get_data());
return (ret == 0); }
return ret == 0 && success;
} }
template <typename K, typename T> template <typename K, typename T>
@ -222,8 +223,8 @@ public:
int ret = pdb->put(activeTxn, &datKey, &datValue, (fOverwrite ? 0 : DB_NOOVERWRITE)); int ret = pdb->put(activeTxn, &datKey, &datValue, (fOverwrite ? 0 : DB_NOOVERWRITE));
// Clear memory in case it was a private key // Clear memory in case it was a private key
memset(datKey.get_data(), 0, datKey.get_size()); memory_cleanse(datKey.get_data(), datKey.get_size());
memset(datValue.get_data(), 0, datValue.get_size()); memory_cleanse(datValue.get_data(), datValue.get_size());
return (ret == 0); return (ret == 0);
} }
@ -245,7 +246,7 @@ public:
int ret = pdb->del(activeTxn, &datKey, 0); int ret = pdb->del(activeTxn, &datKey, 0);
// Clear memory // Clear memory
memset(datKey.get_data(), 0, datKey.get_size()); memory_cleanse(datKey.get_data(), datKey.get_size());
return (ret == 0 || ret == DB_NOTFOUND); return (ret == 0 || ret == DB_NOTFOUND);
} }
@ -265,7 +266,7 @@ public:
int ret = pdb->exists(activeTxn, &datKey, 0); int ret = pdb->exists(activeTxn, &datKey, 0);
// Clear memory // Clear memory
memset(datKey.get_data(), 0, datKey.get_size()); memory_cleanse(datKey.get_data(), datKey.get_size());
return (ret == 0); return (ret == 0);
} }
@ -308,8 +309,8 @@ public:
ssValue.write((char*)datValue.get_data(), datValue.get_size()); ssValue.write((char*)datValue.get_data(), datValue.get_size());
// Clear and free memory // Clear and free memory
memset(datKey.get_data(), 0, datKey.get_size()); memory_cleanse(datKey.get_data(), datKey.get_size());
memset(datValue.get_data(), 0, datValue.get_size()); memory_cleanse(datValue.get_data(), datValue.get_size());
free(datKey.get_data()); free(datKey.get_data());
free(datValue.get_data()); free(datValue.get_data());
return 0; return 0;