6 releases (1 stable)

1.0.0 Nov 23, 2019
0.1.4 Mar 9, 2019
0.1.1 Jan 21, 2019

#233 in Memory management

Used in cryptobox

BSD-2-Clause OR MIT

186 lines

BSD-2-Clause License MIT License docs.rs crates.io Download numbers dependency status Travis CI Appveyor CI


This crate provides the securely overwriting memory allocator MAProper ๐Ÿงน

What is MAProper

MAProper is an extension around std::alloc::System which ensures that the allocated memory is always erased before it is deallocated by using one of memset_s/SecureZeroMemory/explicit_bzero/explicit_memset.

Whats the purpose of MAProper

MAProper becomes handy if you're dealing with a lot of sensitive data: because the memory management of dynamically allocating types like Vec or String is opaque, you basically have no real chance to reliably trace and erase their sensitive contents.

However they all use the global allocator โ€“ so all ways lead to Rome (or in this case to the global allocator's alloc and dealloc functions) โ€“ which is where MAProper is sitting and waiting to take care of the discarded memory.

Using MAProper as global allocator (example)

static MA_PROPER: ma_proper::MAProper = ma_proper::MAProper;

fn main() {
	// This `Vec` will allocate memory through `MA_PROPER` above
	let mut v = Vec::new();


Please note that MAProper only erases memory that is deallocated properly. This especially means that:

  • stack items are not erased by this allocator โ€“ to erase stack memory, we expose MAProper::erase_slice and MAProper::erase_ptr<T> so that you can erase them manually if necessary
  • depending on your panic-policy and your Rc/Arc use (retain-cycles), the destructor (and thus the deallocator) may never be called

No runtime deps