[gnutls-help] secure deallocation?

Olaf Till i7tiol at t-online.de
Fri Jun 12 11:24:59 CEST 2015


Dear all,

can someone tell me the reason why gnutls_global_set_mem_functions()
isn't supported anymore? I might be wrong, but as I see it such a
functionality is needed, at least in my application:

I've based a plugin for parallel command execution in a cluster on
gnutls with SRP. Both client and server machines hold a cleartext
password in memory allocated by gnutls. Since gnutls just uses free(),
the password is not zeroed before deallocation. To my understanding,
after the client or server program exits, other users on these
machines have a chance to have the password in memory they allocate
which was previously allocated and freed by gnutls.

So I'd like to replace free() (and realloc ()) with something that
zeroes out first (using malloc_usable_size()), but since my program is
only a plugin, it seems I can't make the gnutls links to free() to
resolve to a replacement of free(), since the free() symbol is already
provided to gnutls by the main program. I'd like to avoid to have to
start the main program with LD_PRELOAD.

Kind regards,

Olaf

PS: Please CC me, I'm not subscribed.

-- 
public key id EAFE0591, e.g. on x-hkp://pool.sks-keyservers.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20150612/88f41319/attachment.sig>


More information about the Gnutls-help mailing list