Yes, zero my secret key data. Yes I really, really mean it.

2 files changed, 19 insertions, 11 deletions

diff --git a/node/Utils.cpp b/node/Utils.cpp
index 80406c3f..f0a03f2c 100644
--- a/node/Utils.cpp
+++ b/node/Utils.cpp
@@ -78,6 +78,22 @@ bool Utils::redirectUnixOutputs(const char *stdoutPath,const char *stderrPath)
 }
 #endif // __UNIX_LIKE__
 
+static void _Utils_doBurn(char *ptr,unsigned int len)
+{
+	for(unsigned int i=0;i<len;++i)
+		ptr[i] = (char)0;
+}
+void (*volatile _Utils_doBurn_ptr)(char *,unsigned int) = _Utils_doBurn;
+void Utils::burn(void *ptr,unsigned int len)
+	throw()
+{
+	// Ridiculous hack: call _doBurn() via a volatile function pointer to
+	// hold down compiler optimizers and beat them mercilessly until they
+	// cry and mumble something about never eliding secure memory zeroing
+	// again.
+	(_Utils_doBurn_ptr)((char *)ptr,len);
+}
+
 std::map<std::string,bool> Utils::listDirectory(const char *path)
 {
 	std::map<std::string,bool> r;
diff --git a/node/Utils.hpp b/node/Utils.hpp
index affae9a8..defb52a9 100644
--- a/node/Utils.hpp
+++ b/node/Utils.hpp
@@ -101,18 +101,10 @@ public:
 	}
 
 	/**
-	 * Securely zero memory
-	 *
-	 * This just uses volatile to ensure that it's never optimized out.
+	 * Securely zero memory, avoiding compiler optimizations and such
 	 */
-	static inline void burn(void *ptr,unsigned int len)
-		throw()
-	{
-		volatile unsigned char *p = (unsigned char *)ptr;
-		volatile unsigned char *e = p + len;
-		while (p != e)
-			*(p++) = (unsigned char)0;
-	}
+	static void burn(void *ptr,unsigned int len)
+		throw();
 
 	/**
 	 * Delete a file