mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2025-01-03 19:50:55 -05:00
13eb1c0bbd
To reduce residual fragments of secret data in memory after deallocation, this patch replaces the global delete operator with a version that zeros out previously allocated memory. It makes use of the new C++14 sized deallocation, but provides an unsized fallback with platform-specific size deductions. This change is only a minor mitigation and cannot protect against buffer reallocations by the operating system or non-C++ libraries. Thus, we still cannot guarantee all memory to be wiped after free. As a further improvement, this patch uses libgcrypt and libsodium to write long-lived master key component hashes into a secure memory area and wipe it afterwards. The patch also fixes compiler flags not being set properly on macOS. |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| keepassxc-proxy.cpp | ||
| NativeMessagingHost.cpp | ||
| NativeMessagingHost.h | ||