commit 5b32f238f3a20d00122b2335d9cf7faa9d29c2dd
author Joachim Bauch <jbauch@webrtc.org> Wed Mar 07 20:02:26 2018 +0100
committer Commit Bot <commit-bot@chromium.org> Wed Mar 07 22:06:20 2018 +0000
tree c095ab3138dc3a4339f55aae2e3b4a1c3a4c364b
parent fdd5eae9f451ec4342486d5f65acd679af4e8713

Securely clear memory containing key information / passwords before freeing.

The previously used "memset(ptr, 0, size)" can get optimized away by compilers
if "ptr" is not used afterwards.

A new class "ZeroOnFreeBuffer" is introduced that can hold sensitive data and
that automatically clears underlying memory when it's no longer used.

Bug: webrtc:8806, webrtc:8897, webrtc:8905
Change-Id: Iedddddf80790f9af0addaab3346ec5bff102917d
Reviewed-on: https://webrtc-review.googlesource.com/41941
Commit-Queue: Joachim Bauch <jbauch@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22334}

pc/dtlssrtptransport.h

diff --git a/pc/dtlssrtptransport.h b/pc/dtlssrtptransport.h
index 4f6e697..02002b0 100644
--- a/pc/dtlssrtptransport.h
+++ b/pc/dtlssrtptransport.h
@@ -18,6 +18,7 @@
 #include "p2p/base/dtlstransportinternal.h"
 #include "pc/rtptransportinternaladapter.h"
 #include "pc/srtptransport.h"
+#include "rtc_base/buffer.h"
 
 namespace webrtc {
 
@@ -68,8 +69,8 @@
   void SetupRtcpDtlsSrtp();
   bool ExtractParams(cricket::DtlsTransportInternal* dtls_transport,
                      int* selected_crypto_suite,
-                     std::vector<unsigned char>* send_key,
-                     std::vector<unsigned char>* recv_key);
+                     rtc::ZeroOnFreeBuffer<unsigned char>* send_key,
+                     rtc::ZeroOnFreeBuffer<unsigned char>* recv_key);
   void SetDtlsTransport(cricket::DtlsTransportInternal* new_dtls_transport,
                         cricket::DtlsTransportInternal** old_dtls_transport);
   void SetRtpDtlsTransport(cricket::DtlsTransportInternal* rtp_dtls_transport);