Extending std::streambuf

Jan 7, 2010 at 10:26pm
Ok my goal is to be able to write into the std::cin buffer.

Specifically the location in its member pointer _IGfirst
it is protected so i know i need to extend std::streambuf to get it... my problem is im not sure how to do this.

i found this article:
http://www.devarticles.com/c/a/Cplusplus/Extending-the-Basic-Streams-in-C/
that covers the issue, but much of it is over my head, unfortunately.

here is what i have so far:
1
2
3
4
5
6
7
template < typename _S>
std::basic_streambuf<_S>& overwriteBuffer ( unsigned int count)
{
	std::string zeroString(count,'0'); 
	*_IGfirst = zeroString.c_str();

}


but i get the error:
error C2039: 'overwriteBuffer' : is not a member of 'std::basic_streambuf<_Elem,_Traits>'

when i try to use it:
std::cin.rdbuf()->overwriteBuffer(password.size());


thanks for any help!
Jan 7, 2010 at 10:42pm
Ok my goal is to be able to write into the std::cin buffer.
You want to what? I don't think that's possible, but if we assume it is, why would you want to do that?
Jan 7, 2010 at 10:45pm
Yeah, it's not going to be possible because std::cin is going to use the base class anyway,
not your derived class.
Jan 7, 2010 at 11:26pm
Why not just temporarily replace cin's rdbuf?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#include <iostream>
#include <sstream>

using namespace std;

int main()
{
    istringstream my_buf("check this out");
    cin.rdbuf(my_buf.rdbuf());
    
    string text;
    while (cin >> text)
    {
        cout << text << endl;
    }
    return 0;
}


You can save off cin's rdbuf and restore it after the fact.

Jan 8, 2010 at 2:47am
Hi guys thanks so much for your responses.

@helios
Ok my goal is to be able to write into the std::cin buffer.
You want to what? I don't think that's possible, but if we assume it is, why would you want to do that?
Well im trying to make a security console application and I am trying to reduce the possibility that the password will get paged to disk from memory. Apparently this is one of the best ways to attack secure data - scour "blank" areas of the hd for data and use that as brute force passwords. So I was inspecting the ram with a hex editor, and realized that cin was keeping a copy of the password in _IGfirst. Apparently, gets() also uses cin or visa versa because they store the password in the same exact memory address. So what im trying to do is 00000 that memory. I could probably do it to if there were a safe way to get that pointer - i'm just out of ideas on how >_<

@jsmith
Yeah, it's not going to be possible because std::cin is going to use the base class anyway,
not your derived class.
Do you think its possible then to make something that inherits cin and use that instead?

@PanGalactic
Why not just temporarily replace cin's rdbuf?
I just implemented your approach... which seems like it could work, but now its not waiting for the endline user input anymore when i run cin, it just parses the given text in my_buf (likely as you designed it). But i need to get this password from a user. Any ideas?

What do you guys think is the best way to keep moving on this??
Any help is so much appreciated - i am a total noobie at this low level - and I do want to learn, I am self taught C++.
Thanks again!!
Last edited on Jan 8, 2010 at 2:49am
Jan 8, 2010 at 3:26am
Aren't you keeping a copy of the password in your own code? A second copy isn't going to do make that much of a difference. And what does std::cin have to do with unused disk space?
Jan 8, 2010 at 3:45am
Aren't you keeping a copy of the password in your own code? A second copy isn't going to do make that much of a difference. And what does std::cin have to do with unused disk space?
No, all copies i keep of the password are overwritten before i free them, and this is done as soon as possible. Cin frees this memory too of course but not always without overwriting it first - hence leaving the possibility that the password will literally be left on the hard drive... therefore any knowledgeable attacker with access to the hd could get it. (if the last thing you input into the program is the password, and you close the program, this is exactly what will happen if the application's memory was being held in virtual memory)
Jan 8, 2010 at 4:16am
The answer, if that is your concern, is to use unbuffered I/O. read() from STDIN_FILENO directly.
Jan 8, 2010 at 6:07am
hence leaving the possibility that the password will literally be left on the hard drive...
When a page is recalled from disk and its contents change, these changes will not be reflected on the copy that remains on disk. Even if the page gets somehow page-outed again, there's no guarantee that it will overwrite the part it originally came from.
Topic archived. No new replies allowed.