how does one securely clear std::string?

by

Based on the answer given here, I wrote an allocator to securely zero memory.

#include <string>
#include <windows.h>

namespace secure
{
  template <class T> class allocator : public std::allocator<T>
  {
  public:

    template<class U> struct rebind { typedef allocator<U> other; };
    allocator() throw() {}
    allocator(const allocator &) throw() {}
    template <class U> allocator(const allocator<U>&) throw() {}

    void deallocate(pointer p, size_type num)
    {
      SecureZeroMemory((void *)p, num);
      std::allocator<T>::deallocate(p, num);
    }
  };

  typedef std::basic_string<char, std::char_traits<char>, allocator<char> > string;
}

int main()
{
  {
    secure::string bar("bar");
    secure::string longbar("baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaar");
  }
}

However, it turns out, depending on how std::string is implemented, it is possible that the allocator isn’t even invoked for small values. In my code, for example, the deallocate doesn’t even get called for the string bar (on Visual Studio).

The answer, then, is that we cannot use std::string to store sensitive data. Of course, we have the option to write a new class that handles the use case, but I was specifically interested in using std::string as defined.

Thanks everyone for your help!

More Related Contents:

  1. Read whole ASCII file into C++ std::string [duplicate]
  2. How do I read an entire file into a std::string in C++?
  3. How can I convert a std::string to int?
  4. std::string formatting like sprintf
  5. Legality of COW std::string implementation in C++11
  6. C++ convert string to hexadecimal and vice versa
  7. printf with std::string?
  8. How to get rid of `deprecated conversion from string constant to ‘char*’` warnings in GCC?
  9. Difference between string and char[] types in C++
  10. Does std::string have a null terminator?
  11. how to check if given c++ string or char* contains only digits?
  12. How do I check if a C++ std::string starts with a certain string, and convert a substring to an int?
  13. Why I cannot cout a string?
  14. What exactly is the L prefix in C++?
  15. Count character occurrences in a string in C++
  16. Splitting a string by a character
  17. Set precision of std::to_string when converting floating point values [duplicate]
  18. Why is modifying a string through a retrieved pointer to its data not allowed?
  19. Similar String algorithm
  20. Convert between string, u16string & u32string
  21. how to check string start in C++
  22. Align cout format as table’s columns
  23. When did C++ compilers start considering more than two hex digits in string literal character escapes?
  24. equivalent of Console.ReadLine() in c++
  25. What is the simplest way to convert char[] to/from tchar[] in C/C++(ms)?
  26. Memory-efficient C++ strings (interning, ropes, copy-on-write, etc) [closed]
  27. converting narrow string to wide string
  28. convert string to integer in c++
  29. How to convert int to string in C++
  30. What’s the difference between istringstream, ostringstream and stringstream? / Why not use stringstream in every case?

Leave a Comment