If the native code is in standard C, then
free()
has never guaranteed that it clears memory. And, is it
legitimate to deallocate JVM-allocated data into the C malloc pool? Seems dangerous to
me, but I don't use JNI. Note that the Java layer still has at least one reference
(data
) to the memory you've just deallocated.
I think what you want to do is to overwrite the byte array
with zeroes, but you can do that in Java anyway. Once you've overwritten it,
obliterating the secrets, you don't care when the garbage collector finally gets round
to collecting it.
for (int k;
k data[k] =
0;
Maybe you're getting confused
about the differences between a String, which is immutable (so you can't overwrite it)
and a byte array which is mutable (so you can overwrite it).
No comments:
Post a Comment