If you overwrite the key with a string of equivilent length then there is no logical reason for Perl to need to change the memory location. In fact you can show that it does not quite simply with Devel::Peek. The PV memory address remains constant.
While there are no guarantees this will work on every version of Perl I don't see why not, and you could easily incorporate this test into the test suite.
Note if you change the equivilent length sting 'gone!' to say $key = 'x' x 20; you WILL see the pointer value change as Perl needs to reallocate memory to fit this string in. If you make this 19 then Perl does not reallocate FWIW. Replacing one X char string with another of N chars appears to work just fine when X == N.
Abigail points out a compiler optimisation issue where the compiler sees that $key will not be used again and optimizes it out. In the test code we do use it (for the Dump and the decrypt call again) Provided you don't mind a warning there would seem to be no way the compiler could optimize out say $key='gone!'; warn $key
use Devel::Peek; my $str = 'the key is:'; my $key = 'hello'; Dump($key); decrypt( $str, $key ); $key = 'gone!'; # $key = 'x'x100000; # a string that won't fit will change PV Dump($key); decrypt( $str, $key ); sub decrypt { warn "\nGot @_\n\n" } __DATA__ SV = PV(0x15d529c) at 0x1a8460c REFCNT = 1 FLAGS = (PADBUSY,PADMY,POK,pPOK) PV = 0x1a4a8ac "hello"\0 CUR = 5 LEN = 6 Got the key is: hello SV = PV(0x15d529c) at 0x1a8460c REFCNT = 1 FLAGS = (PADBUSY,PADMY,POK,pPOK) PV = 0x1a4a8ac "gone!"\0 CUR = 5 LEN = 6 Got the key is: gone!
cheers
tachyon
s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
In reply to Re: Re: Handling encryption safely
by tachyon
in thread Handling encryption safely
by bagu
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |