Merged
7fcd816 to 943a3c9
When we lock a database, we reset the database pointer to free its resources. Since various other widgets besides the DatabaseWidget hold references to the shared pointer object, however, it cannot be guaranteed that the actual database object will be freed right away. This patch adds a releaseData() method which is called upon database lock to ensure all residual data is cleared without having to rely on the actual database object being cleaned up.
The transformed secrets were stored in normal QByteArrays, which are at risk of being swapped out. We now use secure PasswordKey objects instead. There are still a few areas where QByteArrays are used for storing secrets, but since they are all temporary, they are less critical. It may be worth hunting those down as well, though.
943a3c9 to edda8d2
droidmonkey approved these changes Nov 9, 2019 (Member)
Merge them both, all tests pass, this code has excellent coverage.
phoerious added a commit that referenced this pull request Nov 11, 2019
Added
- Add programmatic use of the EntrySearcher [#3760]
- Explicitly clear database memory upon locking even if the object is not deleted immediately [#3824]
- macOS: Add ability to perform notarization of built package [#3827]
Changed
- Reduce file hash checking to every 30 seconds to correct performance issues [#3724]
- Correct formatting of notes in entry preview widget [#3727]
- Improve performance and UX of database statistics page [#3780]
- Improve interface for key file selection to discourage use of the database file [#3807]
- Hide Auto-Type sequences column when not needed [#3794]
- macOS: Revert back to using Carbon API for hotkey detection [#3794]
- CLI: Do not show protected fields by default [#3710]
Fixed
- Secret Service: Correct issues interfacing with various applications [#3761]
- Fix building without additional features [#3693]
- Fix handling TOTP secret keys that require padding [#3764]
- Fix database unlock dialog password field focus [#3764]
- Correctly label open databases as locked on launch [#3764]
- Prevent infinite recursion when two databases AutoOpen each other [#3764]
- Browser: Fix incorrect matching of invalid URLs [#3759]
- Properly stylize the application name on Linux [#3775]
- Show application icon on Plasma Wayland sessions [#3777]
- macOS: Check for Auto-Type permissions on use instead of at launch [#3794]
Type of change
Description and Context
This patch improves KeePassXC's memory hygiene. It consists of two changes:
1) Ensure database contents are released right away.
When we lock a database, we reset the database pointer to free its resources. Since various other widgets besides the DatabaseWidget hold references to the shared pointer object, however, it cannot be guaranteed that the actual database object will be freed right away. This patch adds a releaseData() method which is called upon database lock to ensure all residual data is cleared without having to rely on the actual database object being cleaned up.
2) Use PasswordKey for storing transformed secrets.
The transformed secrets were stored in normal QByteArrays, which are at risk of being swapped out. We now use secure PasswordKey objects instead. There are still a few areas where QByteArrays are used for storing secrets, but since they are all temporary, they are less critical. It may be worth hunting those down as well, though.
Change 2) is the larger one and we should discuss if we want to include it in 2.5.1 or only merge a reduced version of it and defer the rest (together with the clean-up of the remaining uses of QByteArrays for temporary short-lived secrets) to 2.6.
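Both changes described above (and in the two commit messages at the top of this page), as an added C++ example that is not KeePassXC's code: several shared_ptr owners stand in for the widgets that keep the database alive, lockDatabase() shows that resetting the DatabaseWidget's pointer alone leaves the secrets in memory, and a hypothetical LockedKey class stands in for PasswordKey by keeping the transformed key in mlock()ed memory that is zeroed on release. The Database, LockedKey, secureZero and lockDatabase names are assumptions; the example targets POSIX (sys/mman.h).

```cpp
// Added example (not KeePassXC code). Names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <memory>
#include <string>
#include <sys/mman.h>
#include <utility>
#include <vector>

// Overwrite through a volatile pointer so the compiler cannot drop the
// stores as dead writes just because the buffer is about to be freed.
static void secureZero(void* p, std::size_t n)
{
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n-- > 0) {
        *v++ = 0;
    }
}

// Stand-in for PasswordKey: bytes live in mlock()ed memory so they are not
// written to swap, and are zeroed on clear(). mlock() can fail under
// RLIMIT_MEMLOCK, so the outcome is recorded rather than treated as fatal.
class LockedKey
{
public:
    explicit LockedKey(const std::vector<std::uint8_t>& raw)
        : m_size(raw.size()), m_data(new std::uint8_t[raw.empty() ? 1 : raw.size()])
    {
        m_locked = (m_size > 0) && (mlock(m_data, m_size) == 0);
        if (m_size > 0) {
            std::memcpy(m_data, raw.data(), m_size);
        }
    }
    ~LockedKey() { clear(); delete[] m_data; }
    LockedKey(const LockedKey&) = delete;
    LockedKey& operator=(const LockedKey&) = delete;

    void clear()
    {
        secureZero(m_data, m_size);
        if (m_locked) {
            munlock(m_data, m_size);
            m_locked = false;
        }
        m_size = 0;
    }
    std::size_t size() const { return m_size; }
    bool isLocked() const { return m_locked; }

private:
    std::size_t m_size;
    std::uint8_t* m_data;
    bool m_locked = false;
};

// Minimal database: some entry data plus the transformed key.
class Database
{
public:
    Database(std::string entries, const std::vector<std::uint8_t>& transformedKey)
        : m_entries(std::move(entries)), m_key(std::make_unique<LockedKey>(transformedKey)) {}

    // Called on lock: wipes every secret the object holds, no matter how many
    // shared_ptr owners still reference it.
    void releaseData()
    {
        if (!m_entries.empty()) {
            secureZero(&m_entries[0], m_entries.size());
        }
        m_entries.clear();
        m_entries.shrink_to_fit();
        m_key.reset(); // LockedKey destructor zeroes and unlocks the key bytes
    }
    bool holdsSecrets() const { return !m_entries.empty() || static_cast<bool>(m_key); }

private:
    std::string m_entries;
    std::unique_ptr<LockedKey> m_key;
};

struct LockResult
{
    long remainingOwners;      // shared_ptr owners alive after the widget let go
    bool secretsStillInMemory; // true if the object still carries secrets
};

// Simulates a DatabaseWidget locking while two other widgets keep references.
// Sample entry text and key bytes are constructed for the example.
LockResult lockDatabase(bool callReleaseData)
{
    auto db = std::make_shared<Database>("entry: example-password",
                                         std::vector<std::uint8_t>{0xde, 0xad, 0xbe, 0xef});
    std::shared_ptr<Database> previewWidget = db; // e.g. entry preview
    std::shared_ptr<Database> searchWidget = db;  // e.g. search panel

    if (callReleaseData) {
        db->releaseData();
    }
    db.reset(); // DatabaseWidget drops its pointer; the object stays alive
    return {static_cast<long>(previewWidget.use_count()), previewWidget->holdsSecrets()};
}

int main()
{
    LockResult without = lockDatabase(false);
    LockResult with = lockDatabase(true);
    std::cout << "reset only: owners=" << without.remainingOwners
              << " secrets in memory=" << without.secretsStillInMemory << '\n';
    std::cout << "with releaseData(): owners=" << with.remainingOwners
              << " secrets in memory=" << with.secretsStillInMemory << '\n';
    return 0;
}
```

In both runs two owners survive the lock, so the destructor alone would not have run; only the explicit releaseData() call leaves the still-referenced object without secrets. The remaining temporary QByteArray copies mentioned in the description are outside what this example models.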
Testing strategy
No functionality was added and all existing tests still pass.
Checklist:
-DWITH_ASAN=ON. [REQUIRED]