by patrickas 4428 days ago
The sensitive data that was saved in that address is still there. Memory has been freed so the OS can use it again, but the actual data is still there in memory until it gets overwritten by something else...

The program will work with no problems, but sensitive data that has been used then freed is available for retrieval when bugs like Heartbleed are found.

As the article suggests, the right way is to clean the data from memory (by overwriting it with something else) before freeing it.

2 comments

I've been looking at this recently, part of the problem with that approach is that compilers will often optimise out an overwrite if they can't see anything happening afterwards.

For instance if you set a stack-resident buffer that contained a key to all zeros using memset, then simply exit the scope, most optimisations will detect it as unnecessary (wtf? this never gets read back, who cares?) and ditch the line.

Search for memset_s (part of the C11 standard) for a clear function that can survive optimisers.

Gotcha, I wasn't thinking about that.
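The wipe-before-free pattern discussed in this thread, as an added example that is not part of any comment: it uses `memset_s` where the C library provides C11 Annex K and otherwise falls back to writes through a `volatile` pointer, which the compiler may not discard as dead stores. The names `secure_zero`, `secure_free` and `count_nonzero` are hypothetical, and the key bytes are constructed sample data.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for Annex K (memset_s) if available */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Zero n bytes at p in a way the optimiser is not allowed to drop. */
void secure_zero(void *p, size_t n)
{
#ifdef __STDC_LIB_EXT1__
    memset_s(p, n, 0, n);   /* evaluated strictly, never elided */
#else
    /* Fallback: each volatile write is an observable side effect. */
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#endif
}

/* Wipe a heap buffer before handing it back to the allocator. */
void secure_free(void *p, size_t n)
{
    if (p == NULL)
        return;
    secure_zero(p, n);
    free(p);
}

/* Helper for checking a wipe: number of nonzero bytes in a buffer. */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (p[i] != 0);
    return c;
}

int main(void)
{
    unsigned char key[32];              /* stack-resident secret */
    memset(key, 0x5A, sizeof key);      /* constructed sample key */
    /* ... use key ... */
    secure_zero(key, sizeof key);       /* survives leaving the scope */
    printf("nonzero bytes left: %zu\n", count_nonzero(key, sizeof key));

    unsigned char *heap_key = malloc(32);
    if (heap_key != NULL) {
        memset(heap_key, 0x5A, 32);
        secure_free(heap_key, 32);      /* wiped, then freed */
    }
    return 0;
}
```
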