Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve memory hygiene #3824

Merged
merged 2 commits into from Nov 9, 2019
Merged

Improve memory hygiene #3824

merged 2 commits into from Nov 9, 2019

Conversation

@phoerious
Copy link
Member

phoerious commented Nov 8, 2019

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Refactor (significant modification to existing code)

Description and Context

This patch improves KeePassXC's memory hygiene. It consists of two changes:

1) Ensure database contents are released right away.
When we lock a database, we reset the database pointer to free its resources. Since various other widgets besides the DatabaseWidget hold references to the shared pointer object, however, it cannot be guaranteed that the actual database object will be freed right away. This patch adds a releaseData() method which is called upon database lock to ensure all residual data is cleared without having to rely on the actual database object being cleaned up.

2) Use PasswordKey for storing transformed secrets.
The transformed secrets were stored in normal QByteArrays, which are at risk of being swapped out. We now use secure PasswordKey objects instead. There are still a few areas where QByteArrays are used for storing secrets, but since they are all temporary, they are less critical. It may be worth hunting those down as well, though.

Change 2) is the larger one and we should discuss if we want to include it in 2.5.1 or only merge a reduced version of it and defer the rest (together with the clean-up of the remaining uses of QByteArrays for temporary short-lived secrets) to 2.6.

Testing strategy

No functionality was added and all existing tests still pass.

Checklist:

  • I have read the CONTRIBUTING document. [REQUIRED]
  • My code follows the code style of this project. [REQUIRED]
  • All new and existing tests passed. [REQUIRED]
  • I have compiled and verified my code with -DWITH_ASAN=ON. [REQUIRED]
@phoerious phoerious added this to the v2.5.1 milestone Nov 8, 2019
@phoerious phoerious requested a review from keepassxreboot/core-developers Nov 8, 2019
@phoerious phoerious changed the title Hotfix/free database resources Improve KeePassXC memory hygiene Nov 8, 2019
@phoerious phoerious force-pushed the hotfix/free-database-resources branch 2 times, most recently from 7fcd816 to 943a3c9 Nov 8, 2019
@phoerious phoerious changed the title Improve KeePassXC memory hygiene Improve memory hygiene Nov 8, 2019
phoerious added 2 commits Nov 8, 2019
When we lock a database, we reset the database pointer to
free its resources. Since various other widgets besides the
DatabaseWidget hold references to the shared pointer object,
however, it cannot be guaranteed that the actual database
object will be freed right away. This patch adds a releaseData()
method which is called upon database lock to ensure all
residual data is cleared without having to rely on the actual
database object being cleaned up.
The transformed secrets were stored in normal QByteArrays,
which are at risk of being swapped out. We now use secure
PasswordKey objects instead. There are still a few areas
where QByteArrays are used for storing secrets, but since
they are all temporary, they are less critical. It may be
worth hunting those down as well, though.
@phoerious phoerious force-pushed the hotfix/free-database-resources branch from 943a3c9 to edda8d2 Nov 8, 2019
@droidmonkey

This comment has been minimized.

Copy link
Member

droidmonkey commented Nov 9, 2019

Merge them both, all tests pass, this code has excellent coverage.

@phoerious phoerious merged commit 5996ba5 into release/2.5.1 Nov 9, 2019
3 checks passed
3 checks passed
MacOS (KeepassXC) TeamCity build finished
Details
Ubuntu Linux (KeepassXC) TeamCity build finished
Details
Windows 10 (KeepassXC) TeamCity build finished
Details
@phoerious phoerious deleted the hotfix/free-database-resources branch Nov 9, 2019
phoerious added a commit that referenced this pull request Nov 11, 2019
Added

- Add programmatic use of the EntrySearcher [#3760]
- Explicitly clear database memory upon locking even if the object is not deleted immediately [#3824]
- macOS: Add ability to perform notarization of built package [#3827]

Changed

- Reduce file hash checking to every 30 seconds to correct performance issues [#3724]
- Correct formatting of notes in entry preview widget [#3727]
- Improve performance and UX of database statistics page [#3780]
- Improve interface for key file selection to discourage use of the database file [#3807]
- Hide Auto-Type sequences column when not needed [#3794]
- macOS: Revert back to using Carbon API for hotkey detection [#3794]
- CLI: Do not show protected fields by default [#3710]

Fixed

- Secret Service: Correct issues interfacing with various applications [#3761]
- Fix building without additional features [#3693]
- Fix handling TOTP secret keys that require padding [#3764]
- Fix database unlock dialog password field focus [#3764]
- Correctly label open databases as locked on launch [#3764]
- Prevent infinite recursion when two databases AutoOpen each other [#3764]
- Browser: Fix incorrect matching of invalid URLs [#3759]
- Properly stylize the application name on Linux [#3775]
- Show application icon on Plasma Wayland sessions [#3777]
- macOS: Check for Auto-Type permissions on use instead of at launch [#3794]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
You can’t perform that action at this time.