Vulnerability Development mailing list archives

RE: Getting passwords from the heap?


From: "Vladimir Kraljevic" <vladimir_kraljevic () llbudapest hu>
Date: Wed, 27 Jun 2001 17:56:27 +0200

AFAIK,

malloc() CAN, but usually does not, return cleared memory (it is much better
to assume that, for all platforms). calloc() MUST (but don't believe every
word). On Windows, you can call ZeroMemory() to clear memory, or call
LocalAlloc(LPTR, LMEM_FIXED|LMEM_ZEROINIT) to achieve the same goal. You can
always write your own paranoid functions, as PGP 2.6.2i does with
BurnMemory(), but again, not at all points; there is no need to do that,
burn only sensitive memory (God bless fast routines).

The content of the memory that malloc() returns depends on the C++ compiler
implementation, release or debug build, debugging tools used, and prolog and
epilog code (for example, in a debug build BoundsChecker will fill the
returned heap with some specific byte and extend the requested amount of
memory by the size of a guard block; Visual C++ will set it to 0xCC [int 3]).
You cannot make a platform-independent "tool" that explores the heap
(unfortunately), especially the memory of other processes (of course, there
are some special circumstances under which you can, depending on the OS, but
it is easier and makes more sense to intercept keyboard input [as a driver,
as a hook] if you need a password, or call a good lady and chat a little, or
try to make your home-grown Tempest).

Theoretically, you can get some sensitive information (it depends on many
factors), but the probability of getting something (and of knowing that it
is sensitive) is equal to that of catching a fish in the late afternoon, at
least on WinNT (not because it is so secure, but because it is chaos out
there). I suppose that for *nix/*nux it should be the same.
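Added example, not part of the original post and not PGP's BurnMemory() code: a small C program that shows the three points the message makes, namely that a malloc()-style allocator hands out whatever the previous owner left behind, that calloc() zeroes the chunk, and that a dedicated wipe before free() keeps a password from surviving on the heap. The "heap" here is a tiny bump arena written for the example so the behaviour is identical on every platform (a real allocator also leaves freed data in place, but overwrites a few header bytes and reuses chunks in allocator-specific ways, which is the "chaos" the post refers to). The password string is a constructed sample; burn_memory() writes through a volatile pointer so the compiler cannot drop the wipe as a dead store, the same job memset_s or explicit_bzero do where available.

```c
/* heap_scrape_demo.c - added example; models the heap with a bump arena. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];   /* stand-in for the process heap */
static size_t arena_top;

/* Hand out the next chunk WITHOUT clearing it, like malloc(): the caller
   inherits whatever the previous owner left behind. */
static void *arena_malloc(size_t n) {
    if (arena_top + n > ARENA_SIZE) return NULL;
    void *p = arena + arena_top;
    arena_top += n;
    return p;
}

/* Like calloc(): the same chunk, but zeroed before it is returned. */
static void *arena_calloc(size_t n) {
    void *p = arena_malloc(n);
    if (p) memset(p, 0, n);
    return p;
}

/* free() that, like the real thing, does not touch the contents. */
static void arena_free(void *p) { (void)p; }

/* Rewind the arena so the next allocation reuses the same bytes. */
static void arena_reset(void) { arena_top = 0; }

/* A wipe the optimizer cannot drop: memset() right before free() is a dead
   store and is routinely removed; writes through a volatile pointer stay. */
void burn_memory(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Heap scraper: 1 if `needle` appears anywhere in the arena, i.e. what an
   attacker reading process memory would search for. */
int heap_contains(const char *needle) {
    size_t len = strlen(needle);
    for (size_t i = 0; i + len <= ARENA_SIZE; i++)
        if (memcmp(arena + i, needle, len) == 0) return 1;
    return 0;
}

/* A login routine: copies the password into a heap buffer, uses it, frees
   the buffer. With wipe == 0 the secret outlives the buffer. */
void authenticate(const char *password, int wipe) {
    size_t n = strlen(password) + 1;
    char *buf = arena_malloc(n);
    if (!buf) return;
    memcpy(buf, password, n);
    /* ... compare buf against the stored credential here ... */
    if (wipe) burn_memory(buf, n);
    arena_free(buf);
}

/* Does the next malloc() of the same size hand back the old password? */
int next_malloc_leaks(const char *password, int wipe) {
    arena_reset();
    authenticate(password, wipe);
    arena_reset();                         /* allocator reuses the chunk */
    char *reused = arena_malloc(strlen(password) + 1);
    return reused && strcmp(reused, password) == 0;
}

/* Same, but the new owner uses calloc(): zeroed regardless of history. */
int next_calloc_leaks(const char *password) {
    arena_reset();
    authenticate(password, 0);
    arena_reset();
    char *reused = arena_calloc(strlen(password) + 1);
    return reused && strcmp(reused, password) == 0;
}

int main(void) {
    const char *pw = "hunter2-constructed-sample";   /* constructed input */
    int leaks, found;

    leaks = next_malloc_leaks(pw, 0); found = heap_contains(pw);
    printf("malloc after free, no wipe : leaks=%d scraper finds=%d\n", leaks, found);
    leaks = next_malloc_leaks(pw, 1); found = heap_contains(pw);
    printf("malloc after free, burned  : leaks=%d scraper finds=%d\n", leaks, found);
    leaks = next_calloc_leaks(pw);    found = heap_contains(pw);
    printf("calloc after free, no wipe : leaks=%d scraper finds=%d\n", leaks, found);
    return 0;
}
```

The first line prints leaks=1 and the scraper finds the password: nothing cleared it. Burning before free() and calloc() on the new owner's side both make the chunk come back clean, but note that only the burn protects against the scraper in the window between free() and reuse, which is why the post recommends a BurnMemory()-style routine on sensitive buffers rather than relying on the next allocation to zero them.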
