Added helper method to securely scrub memory

microscript/ILibDuktape_Helpers.c

@@ -56,7 +56,7 @@ duk_ret_t duk_fixed_buffer_finalizer(duk_context *ctx)
 {
 	duk_size_t bufLen;
 	char *buf = (char*)Duktape_GetBuffer(ctx, 0, &bufLen);
-	memset(buf, 0, bufLen);
+	ILibMemory_SecureZero(buf, bufLen);
 	return(0);
 }
 void duk_buffer_enable_autoclear(duk_context *ctx)

microscript/ILibDuktape_ScriptContainer.c

@@ -1559,7 +1559,7 @@ void ILibDuktape_ScriptContainer_Engine_free(void *udata, void *ptr)
 	if (ptr != NULL) 
 	{
 		ILibDuktape_ScriptContainer_TotalAllocations -= ILibMemory_Size(ptr);
-		memset(ptr, 0xDEADBEEF, sz);
+		ILibMemory_SecureZero(ptr, sz);
 		ILibMemory_Free(ptr); 
 	}
 }

microstack/ILibParsers.c

@@ -15,6 +15,12 @@ limitations under the License.
 */
 #define _GNU_SOURCE 
 
+#if !defined(WIN32)
+#include <strings.h>
+#if !defined(MICROSTACK_NOTLS)
+#include <openssl/crypto.h>
+#endif
+#endif
 #if defined (__APPLE__)
 	#include <sys/uio.h>
 	#include <sys/mount.h>
@@ -1065,15 +1071,37 @@ void* ILibMemory_Init(void *ptr, size_t primarySize, size_t extraSize, ILibMemor
 
 	return(primary);
 }
+void ILibMemory_SecureZero(void *ptr, size_t len)
+{
+#if !defined(MICROSTACK_NOTLS)
+	OPENSSL_cleanse(ptr, len);
+#else
+	#if defined(WIN32)
+		SecureZeroMemory(ptr, len);
+	#else
+		#ifdef __GLIBC__
+			#if (__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 24))
+				explicit_bzero(ptr, len);
+			#else
+				memset(ptr, 0, len);
+				__asm__ __volatile__("": : : "memory");
+			#endif
+		#else
+			memset(ptr, 0, len);
+			__asm__ __volatile__("": : : "memory");
+		#endif
+	#endif
+#endif
+}
 void ILibMemory_Free(void *ptr)
 {
 	if (ILibMemory_CanaryOK(ptr) && ILibMemory_MemType(ptr) == ILibMemory_Types_HEAP) 
 	{ 
 		if (ILibMemory_ExtraSize(ptr) > 0)
 		{
-			memset(ILibMemory_RawPtr(ILibMemory_Extra(ptr)), 0, sizeof(ILibMemory_Header));
+			ILibMemory_SecureZero(ILibMemory_RawPtr(ILibMemory_Extra(ptr)), sizeof(ILibMemory_Header));
 		}
-		memset(ILibMemory_RawPtr(ptr), 0, sizeof(ILibMemory_Header)); 
+		ILibMemory_SecureZero(ILibMemory_RawPtr(ptr), sizeof(ILibMemory_Header));
 		free(ILibMemory_RawPtr(ptr)); 
 	}
 }

microstack/ILibParsers.h

@@ -440,6 +440,7 @@ int ILibIsRunningOnChainThread(void* chain);
 	void* ILibMemory_SmartReAllocate(void *ptr, size_t len);
 	void* ILibMemory_SmartAllocateEx_ResizeExtra(void *ptr, size_t extraSize);
 
+	void ILibMemory_SecureZero(void *ptr, size_t len);
 	void ILibMemory_Free(void *ptr);
 	void* ILibMemory_AllocateTemp(void* chain, size_t sz);
 

microstack/ILibWebRTC.c

@@ -1141,7 +1141,7 @@ void ILibStun_OnDestroy(void *object)
 
 	ILibLinkedList_Destroy(obj->StunUsers);
 	if (obj->turnUsername != NULL) { free(obj->turnUsername); obj->turnUsername = NULL; }
-	if (obj->turnPassword != NULL) { memset(obj->turnPassword, 0, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
+	if (obj->turnPassword != NULL) { ILibMemory_SecureZero(obj->turnPassword, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
 
 	ILibLifeTime_Remove(obj->Timer, ILibWebRTC_STUN_TO_PERIODIC_CHECK_TIMER(obj));
 	if (extraClean == 0) return;