Posted to tcl by sebres at Wed Dec 05 13:15:03 GMT 2018
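## _hash_pwd --
##   Template: obtain a password, derive a hash from it, then make a
##   best-effort attempt to overwrite the memory that held the plaintext
##   before the value goes out of scope. Returns the hash.
##
##   The two bracketed calls in the first try body are the author's
##   placeholders for the real password source and the real hash or
##   encrypt routine.
##
##   Limits of the technique, to be kept in mind when reusing it:
##   * The overwrite only works if the allocator hands the block that was
##     just freed straight back to the next same-sized request. Nothing in
##     this script enforces that; it has to be checked per build, e.g. by
##     comparing the output of ::tcl::unsupported::representation between
##     the steps.
##   * Only the last reference held in this proc is handled. Any copy kept
##     by the password source or by the hash routine (a stored argument, a
##     cached value, a log line) is out of reach here.
##   * NOTE(review): string bytelength is deprecated and no longer present
##     in Tcl 9 -- confirm the target Tcl version before reuse.
proc _hash_pwd {} {
    ## lock all pages if available (MCL_CURRENT/MCL_FUTURE), so the secret is
    ## not written to swap while it is live. ::mlockall is looked up at run
    ## time; presumably it comes from an extension -- it is optional here.
    if {[info command ::mlockall] ne ""} { ::mlockall -1 }
    try {
        ## first time password is here:
        set pwd [..generate_pwd..]
        ## -----------
        ## do something with pwd, e.g. create a hash or save to db...
        ## but note you shouldn't reference it inside (refcount can be
        ## verified with [::tcl::unsupported::representation $pwd]).
        set hash [hash_or_encrypt_it .. $pwd ..]
        ## -----------
    } finally {
        try {
            ## The overwrite runs here rather than at the end of the body
            ## above, so that an error raised by the hash step does not leave
            ## the plaintext untouched when the proc frame is torn down.
            ## pwd is unset if the password source itself failed.
            if {[info exists pwd]} {
                ## save the length and overwrite password var (the last reference):
                set l [string bytelength $pwd]
                ## release the value, then at once allocate a new object with
                ## the same length, first as a byte array of NULs...
                set pwd {}
                set pwd [binary format a$l ""]
                ## ...and once more as a string of spaces.
                ## The order of these four commands matters: each release must
                ## be followed directly by the same-sized allocation.
                set pwd {}
                set pwd [string repeat " " $l]
            }
        } finally {
            ## unlock all pages. NOTE(review): if ::munlockall wraps
            ## munlockall(2) this drops every page lock of the process, not
            ## only the one taken above -- confirm no other code relies on one.
            if {[info command ::mlockall] ne ""} { ::munlockall }
        }
    }
    return $hash
}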
## PoC:
##   Runs the same release-and-reallocate sequence as _hash_pwd on a fixed
##   3-byte value and prints the value's internal representation after each
##   step, so the reported pointers can be compared between steps.
##   Matching pointers show that the block was reused in this run; they are
##   not a guarantee for another Tcl build or allocator.
##   ::tcl::unsupported::representation lives in the unsupported namespace
##   and is meant for inspection like this, not for production logic.
proc _clear_pwd_mem_poc {} {
    ## stand-in secret: the bytes 0x61 0x62 0x63 decoded from hex
    set pwd [binary decode hex 616263]
    puts "step 1) [::tcl::unsupported::representation $pwd]"
    ## remember the byte length of the value before it is released
    set l [string bytelength $pwd]
    ## release the value, then at once build a byte array of $l NUL bytes
    set pwd {}
    set pwd [binary format a$l ""]
    puts "step 2) [::tcl::unsupported::representation $pwd]"
    ## release again, then at once build a string of $l spaces
    set pwd {}
    set pwd [string repeat " " $l]
    puts "step 3) [::tcl::unsupported::representation $pwd]"
}
## run the demonstration once when this script is evaluated
_clear_pwd_mem_poc