Added helper method to securely scrub memory

2025-12-18 09:13:14 +00:00 · 2020-10-16 18:48:25 -07:00
parent f5906fac77
commit d895d92e07
5 changed files with 34 additions and 5 deletions
--- a/microscript/ILibDuktape_Helpers.c
+++ b/microscript/ILibDuktape_Helpers.c
@@ -56,7 +56,7 @@ duk_ret_t duk_fixed_buffer_finalizer(duk_context *ctx)
 {
 	duk_size_t bufLen;
 	char *buf = (char*)Duktape_GetBuffer(ctx, 0, &bufLen);
-	memset(buf, 0, bufLen);
+	ILibMemory_SecureZero(buf, bufLen);
 	return(0);
 }
 void duk_buffer_enable_autoclear(duk_context *ctx)
--- a/microscript/ILibDuktape_ScriptContainer.c
+++ b/microscript/ILibDuktape_ScriptContainer.c
@@ -1559,7 +1559,7 @@ void ILibDuktape_ScriptContainer_Engine_free(void *udata, void *ptr)
 	if (ptr != NULL) 
 	{
 		ILibDuktape_ScriptContainer_TotalAllocations -= ILibMemory_Size(ptr);
-		memset(ptr, 0xDEADBEEF, sz);
+		ILibMemory_SecureZero(ptr, sz);
 		ILibMemory_Free(ptr); 
 	}
 }
--- a/microstack/ILibParsers.c
+++ b/microstack/ILibParsers.c
@@ -15,6 +15,12 @@ limitations under the License.
 */
 #define _GNU_SOURCE 
 #if !defined(WIN32)
 #include <strings.h>
 #if !defined(MICROSTACK_NOTLS)
 #include <openssl/crypto.h>
 #endif
 #endif
 #if defined (__APPLE__)
 	#include <sys/uio.h>
 	#include <sys/mount.h>
@@ -1065,15 +1071,37 @@ void* ILibMemory_Init(void *ptr, size_t primarySize, size_t extraSize, ILibMemor
 	return(primary);
 }
 void ILibMemory_SecureZero(void *ptr, size_t len)
 {
 #if !defined(MICROSTACK_NOTLS)
 	OPENSSL_cleanse(ptr, len);
 #else
 	#if defined(WIN32)
 		SecureZeroMemory(ptr, len);
 	#else
 		#ifdef __GLIBC__
 			#if (__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 24))
 				explicit_bzero(ptr, len);
 			#else
 				memset(ptr, 0, len);
 				__asm__ __volatile__("": : : "memory");
 			#endif
 		#else
 			memset(ptr, 0, len);
 			__asm__ __volatile__("": : : "memory");
 		#endif
 	#endif
 #endif
 }
 void ILibMemory_Free(void *ptr)
 {
 	if (ILibMemory_CanaryOK(ptr) && ILibMemory_MemType(ptr) == ILibMemory_Types_HEAP) 
 	{ 
 		if (ILibMemory_ExtraSize(ptr) > 0)
 		{
-			memset(ILibMemory_RawPtr(ILibMemory_Extra(ptr)), 0, sizeof(ILibMemory_Header));
+			ILibMemory_SecureZero(ILibMemory_RawPtr(ILibMemory_Extra(ptr)), sizeof(ILibMemory_Header));
 		}
-		memset(ILibMemory_RawPtr(ptr), 0, sizeof(ILibMemory_Header)); 
+		ILibMemory_SecureZero(ILibMemory_RawPtr(ptr), sizeof(ILibMemory_Header));
 		free(ILibMemory_RawPtr(ptr)); 
 	}
 }
--- a/microstack/ILibParsers.h
+++ b/microstack/ILibParsers.h
@@ -440,6 +440,7 @@ int ILibIsRunningOnChainThread(void* chain);
 	void* ILibMemory_SmartReAllocate(void *ptr, size_t len);
 	void* ILibMemory_SmartAllocateEx_ResizeExtra(void *ptr, size_t extraSize);
 	void ILibMemory_SecureZero(void *ptr, size_t len);
 	void ILibMemory_Free(void *ptr);
 	void* ILibMemory_AllocateTemp(void* chain, size_t sz);
--- a/microstack/ILibWebRTC.c
+++ b/microstack/ILibWebRTC.c
@@ -1141,7 +1141,7 @@ void ILibStun_OnDestroy(void *object)
 	ILibLinkedList_Destroy(obj->StunUsers);
 	if (obj->turnUsername != NULL) { free(obj->turnUsername); obj->turnUsername = NULL; }
-	if (obj->turnPassword != NULL) { memset(obj->turnPassword, 0, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
+	if (obj->turnPassword != NULL) { ILibMemory_SecureZero(obj->turnPassword, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
 	ILibLifeTime_Remove(obj->Timer, ILibWebRTC_STUN_TO_PERIODIC_CHECK_TIMER(obj));
 	if (extraClean == 0) return;