How to clear the data downloaded with Curl from the process memory?
Im downloading/reading data from my database with Curl
and the following code:
c++
static size_t WriteCallback(void* contents, size_t size, size_t nmemb, void* userp)
{
((std::string*)userp)->append((char*)contents, size * nmemb);
return size * nmemb;
}
void Url(std::string& data, std::string url, std::string mode, std::string json)
{
CURLcode ret;
CURL* curl;
struct curl_slist* slist1;
curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
if (!json.empty())
{
slist1 = NULL;
slist1 = curl_slist_append(slist1, "Content-Type: application/json");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, json.c_str());
//curl_easy_setopt(curl, CURLOPT_USERAGENT, "curl/7.38.0");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist1);
}
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 50L);
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, mode.c_str());
curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &data);
ret = curl_easy_perform(curl);
curl_easy_cleanup(curl);
curl = NULL;
if (!json.empty())
{
curl_slist_free_all(slist1);
slist1 = NULL;
}
}
// ...
std::string data = "";
Url(data, "", "POST", "{\"key\": \"test\"}")
// ...
SecureZeroMemory(&data, sizeof(data));
When I go to the process which calls the code above and creates a dump file from it, I can find all the data from the Curl
call inside of the dump file, is readable even the content of the key sent "test"
.
This is how it looks in the dump file:
Server: Cowboy
Connection: keep-alive
Vary: Origin
Content-Type: text/plain; charset=utf-8
Content-Length: 43
Date: Thu, 14 Oct 2021 16:14:45 GMT
Via: 1.1 vegur
< the data received >
< the API path > HTTP/1.1
Host: ....herokuapp.com
Accept: */*
Content-Type: application/json
Content-Length: 23
{"key":"test"}
I'm using Heroku and MongoDB, with Curl
I'm connecting to the API path in Heroku like :
https://....herokuapp.com/api/...
In the dump file just after the path, there's an HTTP
https://i.imgur.com/UaPin1i.png
As per suggestion I also tried to call for SecureZeroMemory
.
But all the info is still readable inside of the dump file, API paths, json keys, content send/received, server name, etc.
c++
static size_t WriteCallback(void* contents, size_t size, size_t nmemb, void* userp)
{
// userp is a pointer to a std::string
// -> cast to std::string* and store in variable for ease of use
std::string* str = reinterpret_cast<std::string*>(userp);
// size of current data
std::size_t bak_size = str->size();
char* bak = new char[bak_size]; // temporary buffer
str->copy(bak, str->size()); // copy current data into temporary buffer
// Zeroes current data
RtlSecureZeroMemory(const_cast<char*>(str->data()), str->size());
// Resize the string (userp), this causes reallocation
// -> the memory must be zeroed before because the old data may still be in memory
// after it is discarded for the string to allocate new blocks
str->resize(str->size() + (size * nmemb));
RtlCopyMemory(const_cast<char*>(str->data()), bak, bak_size); // Copy from temporary buffer into new address
RtlCopyMemory(const_cast<char*>(str->data()) + bak_size, contents, size * nmemb); // Append the new content
// Zeroes and frees the temporary buffer.
RtlSecureZeroMemory(bak, bak_size);
delete[] bak;
bak = nullptr;
//((std::string*)userp)->append((char*)contents, size * nmemb);
//memset(contents, 0, size * nmemb);
// Zeroes the content
RtlSecureZeroMemory(contents, size * nmemb);
return size * nmemb;
}
Would like to ask what I could do to avoid it being so easily readable.
If it's possible somehow to clear it from being stored in the memory.