Securely clear memory containing key information / passwords before freeing.

The previously used "memset(ptr, 0, size)" can get optimized away by compilers
if "ptr" is not used afterwards.

A new class "ZeroOnFreeBuffer" is introduced that can hold sensitive data and
that automatically clears underlying memory when it's no longer used.

Bug: webrtc:8806, webrtc:8897, webrtc:8905
Change-Id: Iedddddf80790f9af0addaab3346ec5bff102917d
Reviewed-on: https://webrtc-review.googlesource.com/41941
Commit-Queue: Joachim Bauch <jbauch@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22334}
Joachim Bauch
2018-03-07 20:02:26 +01:00
committed by Commit Bot
parent fdd5eae9f4
commit 5b32f238f3
16 changed files with 191 additions and 128 deletions


@ -259,6 +259,8 @@ rtc_source_set("rtc_base_approved_generic") {
"timeutils.cc",
"timeutils.h",
"trace_event.h",
"zero_memory.cc",
"zero_memory.h",
]
deps += [
@ -675,8 +677,6 @@ rtc_static_library("rtc_base_generic") {
"stream.h",
"thread.cc",
"thread.h",
"zero_memory.cc",
"zero_memory.h",
]
visibility = [
@ -1002,6 +1002,7 @@ if (rtc_include_tests) {
"timestampaligner_unittest.cc",
"timeutils_unittest.cc",
"virtualsocket_unittest.cc",
"zero_memory_unittest.cc",
]
deps = [
":checks",
@ -1120,7 +1121,6 @@ if (rtc_include_tests) {
"stream_unittest.cc",
"testclient_unittest.cc",
"thread_unittest.cc",
"zero_memory_unittest.cc",
]
if (is_win) {
sources += [