Improve resilience against memory attacks

To reduce residual fragments of secret data in memory after deallocation, this patch replaces the global delete operator with a version that zeros out previously allocated memory. It makes use of the new C++14 sized deallocation, but provides an unsized fallback with platform-specific size deductions. This change is only a minor mitigation and cannot protect against buffer reallocations by the operating system or non-C++ libraries. Thus, we still cannot guarantee all memory to be wiped after free. As a further improvement, this patch uses libgcrypt and libsodium to write long-lived master key component hashes into a secure memory area and wipe it afterwards. The patch also fixes compiler flags not being set properly on macOS.
2025-08-08 14:32:39 -04:00 · 2019-02-21 22:28:45 +01:00 · 2019-02-21 22:28:45 +01:00 · 13eb1c0bbd
commit 13eb1c0bbd
parent c7898fdeee
14 changed files with 207 additions and 28 deletions
--- a/src/browser/CMakeLists.txt
+++ b/src/browser/CMakeLists.txt
@ -16,7 +16,6 @@

 if(WITH_XC_BROWSER)
    include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
-    find_package(sodium 1.0.12 REQUIRED)

    set(keepassxcbrowser_SOURCES
            BrowserAccessControlDialog.cpp
@ -33,5 +32,5 @@ if(WITH_XC_BROWSER)
            Variant.cpp)

    add_library(keepassxcbrowser STATIC ${keepassxcbrowser_SOURCES})
-    target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network sodium)
+    target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${sodium_LIBRARY_RELEASE})
 endif()