> > Does this optimization also occur during compilation of the Linux > > kernel? > Any such dead store removal is up to the compiler and the lifetime > of the object being clobbered. For 'auto' objects the optimization > is certainly likely. > > This is only a problem if the memory (a thread stack, say) is recycled > and leaked uninitialized to user-space, but such bugs are squashed > fairly quickly upon discovery. Thanks for comments, In the sha1_update() case I don't know whether the stack is recycled and leaked - it may be dependent on the calling function, but isn't it vulnerable? I tested this with the snippet below. If compiled with -O1 or -O2 and ON_STACK defined 1, I can read "Secret" a second time. With ON_STACK defined 0 I do not. Roel --- #include <stdio.h> #include <string.h> #include <stdlib.h> #define ON_STACK 1 void foo() { char password[] = "secret"; password[0]='S'; printf ("Don't show again: %s\n", password); memset(password, 0, sizeof(password)); } void foo2() { char* password = malloc(7); strncpy (password, "secret" , 7); password[6] = '\0'; password[0] = 'S'; printf ("Don't show again: %s\n", password); memset(password, 0, 7); free(password); } int main(int argc, char* argv[]) { #if ON_STACK == 1 foo(); #else foo2(); #endif int i; char foo3[] = "hoi"; printf ("foo1:%s\n", foo3); char* bar = &foo3[0]; for (i = -50; i < 50; i++) printf ("%c.", bar[i]); printf("\n"); return 0; } -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html