fix: after code review

2026-04-01 17:32:52 +02:00 · 2026-04-01 17:32:52 +02:00 · ec3f3a64cc
commit ec3f3a64cc
parent 0d88de3bef
4 changed files with 122 additions and 162 deletions
--- a/nomyo/SecureMemory.py
+++ b/nomyo/SecureMemory.py
@ -24,6 +24,7 @@ Python's immutable bytes objects cannot be securely zeroed in place.
 import ctypes
 import logging
 import sys
+import threading
 from contextlib import contextmanager
 from enum import Enum
 from typing import Optional, Union
@ -230,7 +231,7 @@ class SecureMemory:
    def _init_windows(self):
        """Initialize Windows-specific functions (VirtualLock + RtlZeroMemory)"""
        try:
-            kernel32 = ctypes.windll.kernel32
+            kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)

            # Get page size
            class SYSTEM_INFO(ctypes.Structure):
@ -429,8 +430,6 @@ class SecureMemory:
            logger.debug(f"Memory lock failed: {e}")
            return False

-        return False
-
    def _unlock_memory_at(self, addr: int, size: int) -> bool:
        """
        Unlock memory at a specific address.
@ -472,8 +471,6 @@ class SecureMemory:
            logger.debug(f"Memory unlock failed: {e}")
            return False

-        return False
-
    def _zero_memory_at(self, addr: int, size: int) -> None:
        """
        Securely zero memory at a specific address.
@ -655,13 +652,16 @@ class SecureMemory:

 # Global secure memory instance
 _secure_memory: Optional[SecureMemory] = None
+_secure_memory_lock = threading.Lock()


 def _get_secure_memory() -> SecureMemory:
    """Get or create the global SecureMemory instance."""
    global _secure_memory
    if _secure_memory is None:
-        _secure_memory = SecureMemory()
+        with _secure_memory_lock:
+            if _secure_memory is None:
+                _secure_memory = SecureMemory()
    return _secure_memory


@ -763,7 +763,8 @@ def disable_secure_memory() -> None:
    This is useful for testing or when security is not required.
    """
    global _secure_memory
-    _secure_memory = SecureMemory(enable=False)
+    with _secure_memory_lock:
+        _secure_memory = SecureMemory(enable=False)
    logger.info("Secure memory operations disabled globally")


@ -774,5 +775,6 @@ def enable_secure_memory() -> None:
    This reinitializes the secure memory handler with security enabled.
    """
    global _secure_memory
-    _secure_memory = SecureMemory(enable=True)
+    with _secure_memory_lock:
+        _secure_memory = SecureMemory(enable=True)
    logger.info("Secure memory operations re-enabled globally")