Improve memory hygiene #3824
Type of change
Description and Context
This patch improves KeePassXC's memory hygiene. It consists of two changes:
1) Ensure database contents are released right away.
2) Use PasswordKey for storing transformed secrets.
Change 2) is the larger one and we should discuss if we want to include it in 2.5.1 or only merge a reduced version of it and defer the rest (together with the clean-up of the remaining uses of QByteArrays for temporary short-lived secrets) to 2.6.
No functionality was added and all existing tests still pass.
When we lock a database, we reset the database pointer to free its resources. Since various other widgets besides the DatabaseWidget hold references to the shared pointer object, however, it cannot be guaranteed that the actual database object will be freed right away. This patch adds a releaseData() method which is called upon database lock to ensure all residual data is cleared without having to rely on the actual database object being cleaned up.
The transformed secrets were stored in normal QByteArrays, which are at risk of being swapped out. We now use secure PasswordKey objects instead. There are still a few areas where QByteArrays are used for storing secrets, but since they are all temporary, they are less critical. It may be worth hunting those down as well, though.
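The lifetime problem that releaseData() addresses, shown as an added C++ example that is not part of the pull request or of KeePassXC's code. `DemoDatabase`, `secretSurvivesLock` and the sample secret are constructed for illustration, and `std::shared_ptr` stands in for the shared pointer the description mentions.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a database object; not KeePassXC's Database class.
class DemoDatabase {
public:
    explicit DemoDatabase(const std::string& secret)
        : m_secret(secret.begin(), secret.end()) {}

    // The destructor also wipes, but it only runs when the last owner lets go.
    ~DemoDatabase() { releaseData(); }

    // Overwrite and drop the secret now, regardless of how many owners remain.
    void releaseData() {
        wipe(m_secret.data(), m_secret.size());
        m_secret.clear();
        m_secret.shrink_to_fit();
    }

    bool holdsSecret() const { return !m_secret.empty(); }

private:
    // Volatile writes keep the compiler from eliding the overwrite as a dead store.
    static void wipe(char* p, std::size_t n) {
        volatile char* vp = p;
        while (n--) *vp++ = 0;
    }
    std::vector<char> m_secret;
};

// Models a lock: one holder drops its pointer while another keeps a reference.
// Returns true if the object still holds the secret after the lock.
bool secretSurvivesLock(bool callReleaseData) {
    auto db = std::make_shared<DemoDatabase>("constructed-sample-secret");
    std::shared_ptr<DemoDatabase> otherWidget = db; // second owner
    if (callReleaseData) db->releaseData();
    db.reset(); // use_count is still 1, so the destructor does not run here
    return otherWidget->holdsSecret();
}

int main() {
    return (secretSurvivesLock(false) && !secretSurvivesLock(true)) ? 0 : 1;
}
```

The example covers only the explicit release on lock; keeping secrets out of swap, the second change in the description, needs locked memory and is not modelled here.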
Added
- Add programmatic use of the EntrySearcher [#3760]
- Explicitly clear database memory upon locking even if the object is not deleted immediately [#3824]
- macOS: Add ability to perform notarization of built package [#3827]

Changed
- Reduce file hash checking to every 30 seconds to correct performance issues [#3724]
- Correct formatting of notes in entry preview widget [#3727]
- Improve performance and UX of database statistics page [#3780]
- Improve interface for key file selection to discourage use of the database file [#3807]
- Hide Auto-Type sequences column when not needed [#3794]
- macOS: Revert back to using Carbon API for hotkey detection [#3794]
- CLI: Do not show protected fields by default [#3710]

Fixed
- Secret Service: Correct issues interfacing with various applications [#3761]
- Fix building without additional features [#3693]
- Fix handling TOTP secret keys that require padding [#3764]
- Fix database unlock dialog password field focus [#3764]
- Correctly label open databases as locked on launch [#3764]
- Prevent infinite recursion when two databases AutoOpen each other [#3764]
- Browser: Fix incorrect matching of invalid URLs [#3759]
- Properly stylize the application name on Linux [#3775]
- Show application icon on Plasma Wayland sessions [#3777]
- macOS: Check for Auto-Type permissions on use instead of at launch [#3794]