Improve resilience against memory attacks

To reduce residual fragments of secret data in memory after deallocation, this patch replaces the global delete operator with a version that zeros out previously allocated memory. It makes use of the new C++14 sized deallocation, but provides an unsized fallback with platform-specific size deductions. This change is only a minor mitigation and cannot protect against buffer reallocations by the operating system or non-C++ libraries. Thus, we still cannot guarantee all memory to be wiped after free. As a further improvement, this patch uses libgcrypt and libsodium to write long-lived master key component hashes into a secure memory area and wipe it afterwards. The patch also fixes compiler flags not being set properly on macOS.
2025-06-24 22:50:57 -04:00 · 2019-02-21 22:28:45 +01:00 · 2019-02-21 22:28:45 +01:00 · 13eb1c0bbd
commit 13eb1c0bbd
parent c7898fdeee
14 changed files with 207 additions and 28 deletions
--- a/src/proxy/CMakeLists.txt
+++ b/src/proxy/CMakeLists.txt
@ -18,12 +18,13 @@ if(WITH_XC_BROWSER)
    include_directories(${BROWSER_SOURCE_DIR})

    set(proxy_SOURCES
+        ../core/Alloc.cpp
        keepassxc-proxy.cpp
        ${BROWSER_SOURCE_DIR}/NativeMessagingBase.cpp
        NativeMessagingHost.cpp)

    add_library(proxy STATIC ${proxy_SOURCES})
-    target_link_libraries(proxy Qt5::Core Qt5::Network)
+    target_link_libraries(proxy Qt5::Core Qt5::Network ${sodium_LIBRARY_RELEASE})
    add_executable(keepassxc-proxy keepassxc-proxy.cpp)
    target_link_libraries(keepassxc-proxy proxy)