Clean memory for password before returning to system. (#879)

Author: jianjunz

source/agent/addons/quic/QuicTransportServer.cc

@@ -7,6 +7,7 @@
 #include "QuicTransportServer.h"
 #include "QuicFactory.h"
 #include "QuicTransportStream.h"
+#include "Utils.h"
 #include "owt/quic/quic_transport_factory.h"
 #include "owt/quic/quic_transport_session_interface.h"
 
@@ -55,6 +56,7 @@ NAN_METHOD(QuicTransportServer::newInstance)
     v8::String::Utf8Value pfxPath(Nan::To<v8::String>(info[1]).ToLocalChecked());
     v8::String::Utf8Value password(Nan::To<v8::String>(info[2]).ToLocalChecked());
     QuicTransportServer* obj = new QuicTransportServer(port, *pfxPath, *password);
+    owt_base::Utils::ZeroMemory(*password, password.length());
     obj->Wrap(info.This());
     uv_async_init(uv_default_loop(), &obj->m_asyncOnConnection, &QuicTransportServer::onConnectionCallback);
     info.GetReturnValue().Set(info.This());

source/agent/addons/quic/binding.gyp

@@ -9,6 +9,7 @@
       'QuicTransportConnection.cc',
       '../../../core/owt_base/MediaFramePipeline.cpp',
       '../../../core/owt_base/MediaFrameMulticaster.cpp',
+      '../../../core/owt_base/Utils.cc',
     ],
     'defines':[
       'OWT_ENABLE_QUIC=1',

source/core/owt_base/Utils.cc

@@ -0,0 +1,34 @@
+// Copyright (C) <2021> Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/*
+ *  Copyright 2017 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include <cstring>
+
+#include <Utils.h>
+
+namespace owt_base {
+
+void Utils::ZeroMemory(void* ptr, size_t len)
+{
+// Implementation of this method is copied from https://source.chromium.org/chromium/chromium/src/+/master:third_party/webrtc/rtc_base/zero_memory.cc;drc=5b32f238f3a20d00122b2335d9cf7faa9d29c2dd;l=23.
+#ifdef WIN32
+    SecureZeroMemory(ptr, len);
+#else
+    memset(ptr, 0, len);
+    __asm__ __volatile__(""
+                         :
+                         : "r"(ptr)
+                         : "memory");
+#endif
+}
+}

source/core/owt_base/Utils.h

@@ -0,0 +1,19 @@
+// Copyright (C) <2021> Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef UTILS_H
+#define UTILS_H
+
+#include <cstddef>
+
+namespace owt_base {
+
+class Utils {
+public:
+    // Fill memory with zeros.
+    static void ZeroMemory(void* ptr, size_t len);
+};
+
+}
+#endif