Changeset 26243 in vbox

Timestamp:

Feb 4, 2010 4:39:26 PM (15 years ago)

Author:

vboxsync

Message:

VbglR3CredentialsDestroy: s/uint8_t u8NumPasses/uint32_t cPasses/. Implemented multipass wiping with random data.

Location:

trunk

Files:

• include/VBox/VBoxGuestLib.h (modified) (1 diff)
• src/VBox/Additions/common/VBoxGuestLib/VBoxGuestR3LibCredentials.cpp (modified) (3 diffs)

trunk/include/VBox/VBoxGuestLib.h

@@ -498 +498 @@
 VBGLR3DECL(bool)    VbglR3CredentialsAreAvailable(void);
 VBGLR3DECL(int)     VbglR3CredentialsRetrieve(char **ppszUser, char **ppszPassword, char **ppszDomain);
-VBGLR3DECL(void)    VbglR3CredentialsDestroy(char *pszUser, char *pszPassword, char *pszDomain, uint8_t u8NumPasses);
+VBGLR3DECL(void)    VbglR3CredentialsDestroy(char *pszUser, char *pszPassword, char *pszDomain, uint32_t cPasses);
 /** @}  */
 

trunk/src/VBox/Additions/common/VBoxGuestLib/VBoxGuestR3LibCredentials.cpp

@@ -24 +24 @@
 *   Header Files                                                               *
 *******************************************************************************/
+#include <iprt/asm.h>
 #include <iprt/string.h>
+#include <iprt/rand.h>
 #include <VBox/log.h>
 
@@ -89 +91 @@
 
 /**
- * Clears and frees the strings
+ * Clears and frees the three strings.
  *
- * @returns IPRT status value
  * @param   pszUser        Receives pointer of the user name string to destroy.
  *                         Optional.
@@ -98 +99 @@
  * @param   pszDomain      Receives pointer of allocated domain name string.
  *                         Optional.
- * @param   u8NumPasses    Number of wipe passes. The higher the better (and slower!).
+ * @param   cPasses        Number of wipe passes.  The more the better + slower.
  */
-VBGLR3DECL(void) VbglR3CredentialsDestroy(char *pszUser, char *pszPassword, char *pszDomain, uint8_t u8NumPasses)
+VBGLR3DECL(void) VbglR3CredentialsDestroy(char *pszUser, char *pszPassword, char *pszDomain, uint32_t cPasses)
 {
-    size_t l;
+    size_t const    cchUser     = pszUser     ? strlen(pszUser)     : 0;
+    size_t const    cchPassword = pszPassword ? strlen(pszPassword) : 0;
+    size_t const    cchDomain   = pszDomain   ? strlen(pszDomain)   : 0;
 
-    if (u8NumPasses == 0) /* We at least want to have one wipe pass. */
-        u8NumPasses = 1;
+    do
+    {
+        if (cchUser)
+            memset(pszUser,     0xff, cchUser);
+        if (cchPassword)
+            memset(pszPassword, 0xff, cchPassword);
+        if (cchDomain)
+            memset(pszDomain,   0xff, cchDomain);
+        ASMMemoryFence();
 
-    /** @todo add some for-loop with randomized content instead of
-     *        zero'ing out the string only one time. Use u8NumPasses for that. */
-    if (pszUser)
-    {
-        l = strlen(pszUser);
-        RT_BZERO(pszUser, l);
-        RTStrFree(pszUser);
-    }
-    if (pszPassword)
-    {
-        l = strlen(pszPassword);
-        RT_BZERO(pszPassword, l);
-        RTStrFree(pszPassword);
-    }
-    if (pszUser)
-    {
-        l = strlen(pszDomain);
-        RT_BZERO(pszDomain, l);
-        RTStrFree(pszDomain);
-    }
+        if (cchUser)
+            memset(pszUser,     0x00, cchUser);
+        if (cchPassword)
+            memset(pszPassword, 0x00, cchPassword);
+        if (cchDomain)
+            memset(pszDomain,   0x00, cchDomain);
+        ASMMemoryFence();
+
+        if (cchUser)
+            RTRandBytes(pszUser,     cchUser);
+        if (cchPassword)
+            RTRandBytes(pszPassword, cchPassword);
+        if (cchDomain)
+            RTRandBytes(pszDomain,   cchDomain);
+        ASMMemoryFence();
+
+    } while (cPasses-- > 0);
+
+    RTStrFree(pszUser);
+    RTStrFree(pszPassword);
+    RTStrFree(pszDomain);
 }
+