
Any reason to use SecureZeroMemory() instead of memset() or ZeroMemory() when security is not an issue?

This MSDN article says SecureZeroMemory() is good for cases when sensitive data stored in memory for a while should be for sure overwritten as soon as possible when no longer needed. Answers to this SO question explain why this can make a difference.

Now is there any sense in using SecureZeroMemory() for initializing just every memory block? For example in one project I see code like the following:

ICONINFO ii; 
::SecureZeroMemory(&ii, sizeof(ICONINFO)); 
if (::GetIconInfo(hIcon, &ii)) 
{
    //do stuff, then 
    //release bitmaps 
    if(ii.hbmMask) 
        ::DeleteObject(ii.hbmMask); 
    if(ii.hbmColor) 
        ::DeleteObject(ii.hbmColor); 
} 

Why use SecureZeroMemory() here instead of ZeroMemory(), memset() or value initialization? I mean if the compiler decides initialization is unnecessary and wants to optimize it out - why would I enforce it? Is there any reason to use SecureZeroMemory() here?

sharptooth asked Jan 06 '10 11:01


2 Answers

SecureZeroMemory is never optimized-away by a compiler. That is important if you need to worry about the contents of your memory to be cleaned, say if it contains very sensitive user info, e.g. banking software, passwords, etc. Obviously if there's no need for you to worry about such things, you can use any other way of cleaning memory buffers or not cleaning at all if it's not necessary.

Dmitry answered Nov 07 '22 19:11


It makes no sense to use SecureZeroMemory to initialize an icon info structure. It can only overwrite bytes on the stack frame that should have been securely erased elsewhere. That horse already escaped the barn. It doesn't even make sense to initialize it at all, the return value of GetIconInfo() tells you that it got initialized.

SecureZeroMemory() only makes sense after memory was filled with secure data.

Hans Passant answered Nov 07 '22 21:11
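The distinction both answers draw, wiping after secret data has been in a buffer rather than before first use, shown as an added example that is not code from the question or the answers. `secure_zero`, `use_secret` and `all_zero` are hypothetical names; `secure_zero` is a portable stand-in for SecureZeroMemory() built on volatile stores, and the secret string is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable stand-in for SecureZeroMemory(): every store goes through a
   volatile pointer, so the compiler must emit it even when the buffer
   is never read again. */
static void *secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
    return p;
}

/* Hypothetical consumer of a secret: copies it into a scratch buffer,
   computes a toy checksum, then wipes the copy before returning. */
static unsigned use_secret(const char *secret, unsigned char *scratch, size_t cap)
{
    size_t len = strlen(secret);
    unsigned sum = 0;
    if (len > cap)
        len = cap;
    memcpy(scratch, secret, len);
    for (size_t i = 0; i < len; i++)
        sum = sum * 31u + scratch[i];
    /* A plain memset() here would be the last access to a buffer that is
       about to go out of scope: a dead store the optimizer may remove.
       This is the one place where the guaranteed wipe matters. */
    secure_zero(scratch, len);
    return sum;
}

/* Returns 1 if all n bytes are zero, 0 otherwise. */
static int all_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    /* An output structure filled by a callee (like ICONINFO above) holds
       nothing secret yet; ordinary "= {0}" initialisation is enough. */
    unsigned char scratch[32] = {0};
    unsigned sum = use_secret("constructed-sample", scratch, sizeof scratch);
    printf("checksum=%u wiped=%d\n", sum, all_zero(scratch, sizeof scratch));
    return 0;
}
```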