diff --git a/microscript/ILibDuktape_Helpers.c b/microscript/ILibDuktape_Helpers.c
index df495dd..7569a82 100644
--- a/microscript/ILibDuktape_Helpers.c
+++ b/microscript/ILibDuktape_Helpers.c
@@ -56,7 +56,7 @@ duk_ret_t duk_fixed_buffer_finalizer(duk_context *ctx)
 {
 duk_size_t bufLen;
 char *buf = (char*)Duktape_GetBuffer(ctx, 0, &bufLen);
- memset(buf, 0, bufLen);
+ ILibMemory_SecureZero(buf, bufLen);
 return(0);
 }
 void duk_buffer_enable_autoclear(duk_context *ctx)
diff --git a/microscript/ILibDuktape_ScriptContainer.c b/microscript/ILibDuktape_ScriptContainer.c
index a2c13c8..09d4d15 100644
--- a/microscript/ILibDuktape_ScriptContainer.c
+++ b/microscript/ILibDuktape_ScriptContainer.c
@@ -1559,7 +1559,7 @@ void ILibDuktape_ScriptContainer_Engine_free(void *udata, void *ptr)
 if (ptr != NULL)
 {
 ILibDuktape_ScriptContainer_TotalAllocations -= ILibMemory_Size(ptr);
- memset(ptr, 0xDEADBEEF, sz);
+ ILibMemory_SecureZero(ptr, sz);
 ILibMemory_Free(ptr);
 }
 }
diff --git a/microstack/ILibParsers.c b/microstack/ILibParsers.c
index 2c4cdcc..c717df8 100644
--- a/microstack/ILibParsers.c
+++ b/microstack/ILibParsers.c
@@ -15,6 +15,12 @@ limitations under the License.
 */
 #define _GNU_SOURCE
+#if !defined(WIN32)
+#include
+#if !defined(MICROSTACK_NOTLS)
+#include
+#endif
+#endif
 #if defined (__APPLE__)
 #include
 #include
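Review bot: In ILibDuktape_ScriptContainer_Engine_free the wipe length is `sz`, while the accounting line just above it uses `ILibMemory_Size(ptr)`; `sz` is assigned outside this hunk, so confirm it is that same size, or pass it directly with `ILibMemory_SecureZero(ptr, ILibMemory_Size(ptr));`. The removed `memset(ptr, 0xDEADBEEF, sz)` only ever wrote the low byte 0xEF, so it acted as a poison fill; freed script-heap blocks now read as zeros instead of a recognizable pattern. A one-line comment such as `/* wipe script heap blocks before release; zero fill replaces the old poison byte */` would record that this is intentional. The function starts before the hunk.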
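Review bot: The includes added at the top of ILibParsers.c are all wrapped in `#if !defined(WIN32)`, but ILibMemory_SecureZero (added later in this file) calls `OPENSSL_cleanse` whenever `MICROSTACK_NOTLS` is undefined, Windows included, and `SecureZeroMemory` on WIN32 no-TLS builds. The include targets are not visible on this page, so confirm that Windows builds get both declarations from a header already included elsewhere in the file; otherwise the inner `#if !defined(MICROSTACK_NOTLS)` include should move outside the `WIN32` guard. A short comment on each new include naming the call it serves would keep the guards and the function in step.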
@@ -1065,15 +1071,37 @@ void* ILibMemory_Init(void *ptr, size_t primarySize, size_t extraSize, ILibMemor
 return(primary);
 }
+void ILibMemory_SecureZero(void *ptr, size_t len)
+{
+#if !defined(MICROSTACK_NOTLS)
+ OPENSSL_cleanse(ptr, len);
+#else
+ #if defined(WIN32)
+ SecureZeroMemory(ptr, len);
+ #else
+ #ifdef __GLIBC__
+ #if (__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 24))
+ explicit_bzero(ptr, len);
+ #else
+ memset(ptr, 0, len);
+ __asm__ __volatile__("": : : "memory");
+ #endif
+ #else
+ memset(ptr, 0, len);
+ __asm__ __volatile__("": : : "memory");
+ #endif
+ #endif
+#endif
+}
 void ILibMemory_Free(void *ptr)
 {
 if (ILibMemory_CanaryOK(ptr) && ILibMemory_MemType(ptr) == ILibMemory_Types_HEAP)
 {
 if (ILibMemory_ExtraSize(ptr) > 0)
 {
- memset(ILibMemory_RawPtr(ILibMemory_Extra(ptr)), 0, sizeof(ILibMemory_Header));
+ ILibMemory_SecureZero(ILibMemory_RawPtr(ILibMemory_Extra(ptr)), sizeof(ILibMemory_Header));
 }
- memset(ILibMemory_RawPtr(ptr), 0, sizeof(ILibMemory_Header));
+ ILibMemory_SecureZero(ILibMemory_RawPtr(ptr), sizeof(ILibMemory_Header));
 free(ILibMemory_RawPtr(ptr));
 }
 }
diff --git a/microstack/ILibParsers.h b/microstack/ILibParsers.h
index fa77e4d..e3e187c 100644
--- a/microstack/ILibParsers.h
+++ b/microstack/ILibParsers.h
@@ -440,6 +440,7 @@ int ILibIsRunningOnChainThread(void* chain);
 void* ILibMemory_SmartReAllocate(void *ptr, size_t len);
 void* ILibMemory_SmartAllocateEx_ResizeExtra(void *ptr, size_t extraSize);
+ void ILibMemory_SecureZero(void *ptr, size_t len);
 void ILibMemory_Free(void *ptr);
 void* ILibMemory_AllocateTemp(void* chain, size_t sz);
diff --git a/microstack/ILibWebRTC.c b/microstack/ILibWebRTC.c
index fcb5b16..a0f9f4b 100644
--- a/microstack/ILibWebRTC.c
+++ b/microstack/ILibWebRTC.c
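Review bot: Both fallback branches of ILibMemory_SecureZero in ILibParsers.c follow `memset` with `__asm__ __volatile__("": : : "memory");`, a barrier that never names `ptr`. If the function is inlined over a buffer whose address the compiler can prove has not escaped, the stores can still be treated as dead. Passing the pointer as an input operand ties the barrier to the buffer being wiped: `__asm__ __volatile__("" : : "r"(ptr) : "memory");`. The two fallback branches are identical, so they could share one `#else` arm, which keeps that fix in a single place. Separately, ILibMemory_Free still wipes only `sizeof(ILibMemory_Header)` for each header, not the payload, so a comment on its declaration in ILibParsers.h saying that callers holding secrets must call ILibMemory_SecureZero on the payload first would prevent it being read as a full secure free.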
@@ -1141,7 +1141,7 @@ void ILibStun_OnDestroy(void *object)
 ILibLinkedList_Destroy(obj->StunUsers);
 if (obj->turnUsername != NULL) { free(obj->turnUsername); obj->turnUsername = NULL; }
- if (obj->turnPassword != NULL) { memset(obj->turnPassword, 0, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
+ if (obj->turnPassword != NULL) { ILibMemory_SecureZero(obj->turnPassword, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
 ILibLifeTime_Remove(obj->Timer, ILibWebRTC_STUN_TO_PERIODIC_CHECK_TIMER(obj));
 if (extraClean == 0) return;