memory leak in Linux using credentials class for basic auth #1696

@jyanezt

Hi, I was trying web proxy basic auth in cpprestsdk for Ubuntu 20, and the leak sanitizer detected memory leaks. I think the problem comes from this function in web_utilities.h:

    details::plaintext_string _internal_decrypt() const
    {
        // Encryption APIs not supported on XP
    #if defined(_WIN32) && _WIN32_WINNT >= _WIN32_WINNT_VISTA
        return m_password.decrypt();
    #else
        return details::plaintext_string(new ::utility::string_t(m_password));
    #endif
    }

In the line executed for Linux, that plaintext_string currently has this definition:

    typedef std::unique_ptr<::utility::string_t, zero_memory_deleter> plaintext_string;

The problem is that the zero_memory_deleter, defined in web_utilities.cpp, isn't doing anything for Linux:

    void zero_memory_deleter::operator()(::utility::string_t* data) const
    {
        (void)data;
    #ifdef _WIN32
        SecureZeroMemory(&(*data)[0], data->size() * sizeof(::utility::string_t::value_type));
        delete data;
    #endif
    }

So the string is leaked when the plaintext_string is deleted. Shouldn't the delete data part be outside the #ifdef _WIN32? Or maybe a different deleter should be used for Linux?
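
The behaviour reported above can be shown without a sanitizer. This is an added example, not code from the issue or from cpprestsdk: it contrasts a deleter that does nothing with one that wipes and frees on every platform. The names tracked_string (a stand-in for ::utility::string_t), noop_deleter, wiping_deleter, wipe and leaks_after_scope are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>

// Constructed stand-in for ::utility::string_t that counts live instances,
// so a missing delete is observable as a non-zero count.
struct tracked_string : std::string {
    static int live;
    explicit tracked_string(const char* s) : std::string(s) { ++live; }
    ~tracked_string() { --live; }
};
int tracked_string::live = 0;

// Best-effort wipe: volatile stores discourage dead-store elimination.
static void wipe(char* p, std::size_t n)
{
    volatile char* vp = p;
    while (n--) *vp++ = 0;
}

// Mirrors the non-Windows path described in the issue: nothing is freed.
struct noop_deleter {
    void operator()(tracked_string* data) const { (void)data; }
};

// Hypothetical portable deleter: wipe the characters, then always delete.
struct wiping_deleter {
    void operator()(tracked_string* data) const {
        if (!data->empty()) wipe(&(*data)[0], data->size());
        delete data;
    }
};

// Returns true if the object outlives the unique_ptr that owned it.
template <class Deleter>
bool leaks_after_scope() {
    tracked_string* raw = new tracked_string("constructed-password");
    const int before = tracked_string::live;
    { std::unique_ptr<tracked_string, Deleter> p(raw); }
    const bool leaked = (tracked_string::live == before);
    if (leaked) delete raw;  // free it here so the demo itself stays leak-free
    return leaked;
}

int main() {
    std::printf("noop leaks: %d, wiping leaks: %d\n",
                leaks_after_scope<noop_deleter>(), leaks_after_scope<wiping_deleter>());
    return 0;
}
```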
