c - Is explicitly clearing/zeroing sensitive variables after use sensible?

Question

I have noticed some programs explicitly zero sensitive memory allocations after use. For example, OpenSSL has a method to clear the memory occupied by an RSA key:

"Frees the RSA structure rsa. This function should always be used to free the RSA structure as it also frees sub-fields safely by clearing memory first."

http://www.rsa.com/products/bsafe/documentation/sslc251html/group__COMMON__RSA__KEY__FUNCS.html#aRSA_free

Where any (C/C++) program contains sensitive variables like this, should you explicitly zero the memory, as above? (Or, is zero'ing memory an act of paranoia or just a safeguard)?

Also, when a program finishes, any allocated memory is eventually allocated to another program. On a Linux system, is the memory cleaned or sanitised before being allocated to another program? Or, can the second program read some of the old memory contents of the first program?

Answer 1

On a Linux system, is the memory cleaned or sanitised before being allocated to another program?

Yes, on any respectable desktop OS, memory is sanitised when passed from a process to another. The cleaning step that you have observed is to protect from other attacks, from code executing in the same address space or obtaining privileges allowing it to read memory from the target process's memory space.

Where any (C/C++) program contains sensitive variables like this, should you explicitly zero the memory, as above?

It's a very sensible safeguard to erase this sensitive data as soon as you don't need it any more.