Posted to tcl by sebres at Wed Dec 05 13:15:03 GMT 2018view pretty
proc _hash_pwd {} { ## lock all pages if available (MCL_CURRENT/MCL_FUTURE): if {[info command ::mlockall] ne ""} { ::mlockall -1 } try { ## first time password is here: set pwd [..generate_pwd..] ## ----------- ## do something with pwd, e.g. create a hash or save to db... ## but note you shouldn't reference it inside (refcount can be ## verified with [::tcl::unsupported::representation $pwd]). set hash [hash_or_encrypt_it .. $pwd ..] ## ----------- ## save the length and overwrite password var (the last reference): set l [string bytelength $pwd] ## allocate new object with the same length (as string and bytearray)... set pwd {} set pwd [binary format a$l ""] set pwd {} set pwd [string repeat " " $l] } finally { ## unlock all pages : if {[info command ::mlockall] ne ""} { ::munlockall } } return $hash } ## PoC: proc _clear_pwd_mem_poc {} { set pwd [binary decode hex 616263] puts "step 1) [::tcl::unsupported::representation $pwd]" set l [string bytelength $pwd] set pwd {} set pwd [binary format a$l ""] puts "step 2) [::tcl::unsupported::representation $pwd]" set pwd {} set pwd [string repeat " " $l] puts "step 3) [::tcl::unsupported::representation $pwd]" } _clear_pwd_mem_poc