memset_s()
. The memory page containing secret can be swapped out to disk. If the program crashes before the call to memset_s()
completes, the information stored in secret may be stored in the core dump.setrlimit()
:mlock()
can be used to prevent paging by locking memory in place. This compliant solution not only disables the creation of core files but also ensures that the buffer is not swapped to hard disk:new_secret
, which is processed and eventually deallocated by a call to free()
. Because the memory is not cleared, it may be reallocated to another section of the program where the information stored in new_secret
may be unintentionally leaked.