1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 21:17:45 +00:00

LibCore: Add SecretString, a buffer that is zero'd on destruction

We have a few places where we read secrets into memory, and then
do some computation on them. In these cases we should always make
sure we zero the allocations before they are free'd.

The SecureString wrapper provides this abstraction by wrapping a
ByteBuffer and calling explicit_bzero on destruction of the object.
This commit is contained in:
Brian Gianforcaro 2021-09-12 06:54:57 -07:00 committed by Andreas Kling
parent d158f2ed89
commit 3bf6902790
3 changed files with 81 additions and 0 deletions

View file

@ -0,0 +1,38 @@
/*
* Copyright (c) 2021, Brian Gianforcaro <bgianf@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#pragma once
#include <AK/ByteBuffer.h>
#include <AK/Noncopyable.h>
#include <AK/StringView.h>
namespace Core {
class SecretString {
AK_MAKE_NONCOPYABLE(SecretString);
public:
[[nodiscard]] static SecretString take_ownership(char*&, size_t);
[[nodiscard]] static SecretString take_ownership(ByteBuffer&&);
[[nodiscard]] bool is_empty() const { return m_secure_buffer.is_empty(); }
[[nodiscard]] size_t length() const { return m_secure_buffer.size(); }
[[nodiscard]] char const* characters() const { return reinterpret_cast<const char*>(m_secure_buffer.data()); }
[[nodiscard]] StringView view() const { return { characters(), length() }; }
SecretString() = default;
~SecretString();
SecretString(SecretString&&) = default;
SecretString& operator=(SecretString&&) = default;
private:
explicit SecretString(ByteBuffer&&);
ByteBuffer m_secure_buffer;
};
}