little_planet

Reputation: 1035

C++: Overwrite std::string in Cache

I got a string variable (contains passphrase) and would like to overwrite its value with a sequence of '0' before the variable is released. I thought about doing something like:

void overwrite(std::string &toOverwrite){
    if(toOverwrite.empty())
        return;
    else{
        std::string removeString;
        size_t length = toOverwrite.size();
        for(int i = 0; i < length; i++){
            removeString += "0";
        }
        toOverwrite = removeString;
    }
}

But somehow this doesn't feel right.

  1. First because it seems to produce much overhead in the for loop.
  2. Moreover I'm not sure if the last line would really overwrite the string. I know that e.g. in Java strings are immutable and therefore can not be overwritten at all. They are not immutable in C++ (at least not std::string) but would toOverwrite = removeString really replace toOverwrite or just make that the "pointer" of toOverwrite will point to removeString?
  3. Is it possible that my compiler will optimize the code and remove this overwriting?

Maybe I should use the std::string::replace method or change the datatype to char* / byte[]?

Upvotes: 0

Views: 744

Answers (1)

Tom Tanner

Reputation: 9354

Chances are that will just swap and free pointers, leaving the passphrase somewhere in memory which is no longer pointed to. If you want to overwrite the string data, do:

std::fill(toOverwrite.begin(), toOverwrite.end(), '0');

And you don't need a test for an empty string either.

Upvotes: 2
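
The in-place overwrite from the answer, extended to also cover the compiler-optimization concern raised in the question. This is an added example, not code from the question or the answer; the helper names `wipe_in_place` and `wiped_same_buffer` and the sample passphrase are constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Overwrite the string's whole allocation in place and return the byte count.
// Hypothetical helper name; not from the question or the answer.
std::size_t wipe_in_place(std::string &s, char fill = '0') {
    // Grow size() to capacity() first: this stays within the existing
    // allocation and brings bytes left over from earlier, longer contents
    // into reach of the wipe.
    s.resize(s.capacity());
    // Store through a volatile lvalue so the optimizer cannot discard the
    // writes as dead stores when the string is destroyed right afterwards.
    volatile char *p = &s[0];
    for (std::size_t i = 0; i < s.size(); ++i)
        p[i] = fill;
    return s.size();
}

// True if the wipe happened in the original buffer and left only fill bytes.
bool wiped_same_buffer(std::string &s, char fill = '0') {
    const char *before = s.data();
    std::size_t n = wipe_in_place(s, fill);
    return s.data() == before && s == std::string(n, fill);
}

int main() {
    std::string pass = "correct horse battery staple"; // constructed sample
    std::size_t len = pass.size();
    bool ok = wiped_same_buffer(pass);
    std::cout << "wiped " << pass.size() << " bytes (passphrase was " << len
              << "), in place: " << std::boolalpha << ok << '\n';
    // Not covered: copies made before this call (by-value passing,
    // temporaries, or old buffers freed when the string grew) are out of
    // reach of any wipe applied to this object.
}
```

The wipe only reaches the buffer the string owns at the time of the call, so the passphrase should be read directly into one string that is never copied or grown afterwards.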
