Posted to tcl by sebres at Wed Dec 05 13:15:03 GMT 2018

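  ## _hash_pwd --
  ##
  ##   Obtains a password, derives a hash (or ciphertext) from it, returns that
  ##   result, and makes a best-effort attempt to overwrite the memory that
  ##   held the clear-text password.
  ##
  ##   [..generate_pwd..] and [hash_or_encrypt_it .. $pwd ..] are placeholders
  ##   from the original sketch and must be replaced with real commands.
  ##   ::mlockall / ::munlockall are not core Tcl commands; they are used only
  ##   if present (presumably supplied by an extension -- confirm).
  ##
  ## Results:
  ##   The value produced by the hash/encrypt step.
  ##
  ## Security notes:
  ##   - The overwrite is not a guaranteed wipe. It frees the password object
  ##     and immediately allocates same-sized values, hoping the allocator
  ##     hands back the same block. Nothing in this proc checks that it does.
  ##   - It can only work while $pwd is the last reference to the value. Any
  ##     other holder (another variable, a list/dict element, a trace) keeps
  ##     the original bytes alive.
  ##   - If the hash step raises an error, the interpreter's error information
  ##     (e.g. the -errorstack return option, which records call arguments)
  ##     may keep a reference to the password value. Callers that catch the
  ##     error should not log or retain those options.
  proc _hash_pwd {} {

    ## lock all pages if available (MCL_CURRENT/MCL_FUTURE):
    if {[info command ::mlockall] ne ""} { ::mlockall -1 }

    try {

      ## first time password is here:
      set pwd [..generate_pwd..]

      ## -----------
      ## do something with pwd, e.g. create a hash or save to db...
      ## but note you shouldn't reference it inside (refcount can be
      ## verified with [::tcl::unsupported::representation $pwd]).

      set hash [hash_or_encrypt_it .. $pwd ..]

      ## -----------

    } finally {
      ## Scrub here rather than at the end of the try body, so that an error
      ## raised by the hash/encrypt step does not skip the overwrite and
      ## leave the clear-text password behind in freed memory.
      if {[info exists pwd]} {
        ## save the length and overwrite password var (the last reference).
        ## NOTE(review): [string bytelength] is deprecated upstream; check
        ## that it exists in the Tcl version in use. A replacement that
        ## re-encodes $pwd would create another copy of the secret.
        set l [string bytelength $pwd]
        ## allocate new object with the same length (as string and bytearray)...
        set pwd {}
        set pwd [binary format a$l ""]
        set pwd {}
        set pwd [string repeat " " $l]
      }
      ## unlock all pages (this releases every lock held by the process,
      ## not only the one taken above):
      if {[info command ::mlockall] ne ""} { ::munlockall }
    }
    return $hash
  }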
  34.  
  35. ## PoC:
  36.  
  ## _clear_pwd_mem_poc --
  ##
  ##   Demonstration of the overwrite sequence used by _hash_pwd. It prints
  ##   [::tcl::unsupported::representation] of the variable's value after
  ##   each stage so the reader can compare the reported object details
  ##   between steps. Matching addresses would suggest the freed block was
  ##   reused; the proc itself does not check or assert this.
  ##
  ##   The order of the statements is the point of the demo: each "set pwd {}"
  ##   drops the previous value right before a same-sized one is allocated.
  proc _clear_pwd_mem_poc {} {
    ## hex 616263 decodes to the three bytes "abc", standing in for a secret
    set pwd [binary decode hex 616263]
    puts "step 1) [::tcl::unsupported::representation $pwd]"

    ## remember the size before the last reference is dropped
    set nbytes [string bytelength $pwd]

    ## release the value, then allocate a zero-filled byte array of that size
    set pwd {}
    set pwd [binary format a$nbytes ""]
    puts "step 2) [::tcl::unsupported::representation $pwd]"

    ## release again, then allocate a string of blanks of that size
    set pwd {}
    set pwd [string repeat " " $nbytes]
    puts "step 3) [::tcl::unsupported::representation $pwd]"
  }

  ## run the demonstration
  _clear_pwd_mem_poc
  50.