Improve resilience against memory attacks

To reduce residual fragments of secret data in memory after deallocation, this patch replaces the global delete operator with a version that zeros out previously allocated memory. It makes use of the new C++14 sized deallocation, but provides an unsized fallback with platform-specific size deductions. This change is only a minor mitigation and cannot protect against buffer reallocations by the operating system or non-C++ libraries. Thus, we still cannot guarantee all memory to be wiped after free. As a further improvement, this patch uses libgcrypt and libsodium to write long-lived master key component hashes into a secure memory area and wipe it afterwards. The patch also fixes compiler flags not being set properly on macOS.
2025-08-09 23:12:23 -04:00 · 2019-02-21 22:28:45 +01:00 · 2019-02-21 22:28:45 +01:00 · 13eb1c0bbd
commit 13eb1c0bbd
parent c7898fdeee
14 changed files with 207 additions and 28 deletions
--- a/src/cli/CMakeLists.txt
+++ b/src/cli/CMakeLists.txt
@ -38,6 +38,7 @@ target_link_libraries(keepassxc-cli
        keepassx_core
        Qt5::Core
        ${GCRYPT_LIBRARIES}
+        ${sodium_LIBRARY_RELEASE}
        ${ARGON2_LIBRARIES}
        ${GPGERROR_LIBRARIES}
        ${ZLIB_LIBRARIES}