microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

memory leak in Linux using credentials class for basic auth #1696

Open jyanezt opened 2 years ago

jyanezt commented 2 years ago

Hi, I was trying web proxy basic auth in cpprestsdk for Ubuntu 20, and the leak sanitizer detected memory leaks. I think the problem comes from this function in web_utilities.h:

    details::plaintext_string _internal_decrypt() const
    {
        // Encryption APIs not supported on XP
#if defined(_WIN32) && _WIN32_WINNT >= _WIN32_WINNT_VISTA
        return m_password.decrypt();
#else
        return details::plaintext_string(new ::utility::string_t(m_password));
#endif
    }

In the line executed for Linux, that plaintext_string currently has this definition:

typedef std::unique_ptr<::utility::string_t, zero_memory_deleter> plaintext_string;

The problem is that the zero_memory_deleter, defined in web_utilities.cpp, isn't doing anything for Linux:

void zero_memory_deleter::operator()(::utility::string_t* data) const
{
    (void)data;
#ifdef _WIN32
    SecureZeroMemory(&(*data)[0], data->size() * sizeof(::utility::string_t::value_type));
    delete data;
#endif
}

So the string is leaked when the plaintext_string is deleted. Shouldn't the delete data part be outside the #ifdef _WIN32? Or maybe a different deleter should be used for Linux?
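
Added example, not part of the issue or of cpprestsdk: a self-contained C++ reproduction of the behaviour reported above, next to one possible portable deleter that wipes and then frees on every platform. `tracked_string`, `noop_deleter`, `portable_zero_deleter`, `secure_zero`, `live_after_scope` and `wipes_in_place` are hypothetical names, and the password is a constructed sample.

```cpp
#include <cstdio>      // also declares std::size_t
#include <memory>
#include <string>

// Hypothetical stand-in for ::utility::string_t that counts live instances.
struct tracked_string : std::string {
    static int live;
    explicit tracked_string(const char* s) : std::string(s) { ++live; }
    ~tracked_string() { --live; }
};
int tracked_string::live = 0;

// Portable wipe: volatile writes keep the compiler from eliding the stores.
inline void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}
// Mirrors what the quoted deleter reduces to when _WIN32 is not defined.
struct noop_deleter {
    template <class S> void operator()(S* data) const { (void)data; }
};
// One possible portable deleter (an assumption, not the project's fix).
struct portable_zero_deleter {
    template <class S> void operator()(S* data) const {
        secure_zero(&(*data)[0], data->size() * sizeof(typename S::value_type));
        delete data;
    }
};

// Number of strings still alive after the unique_ptr has gone out of scope.
template <class Deleter>
int live_after_scope() {
    tracked_string* raw = new tracked_string("constructed-sample-password");
    { std::unique_ptr<tracked_string, Deleter> p(raw); }
    int live = tracked_string::live;
    if (live != 0) delete raw;  // reclaim the leak this demo just showed
    return live;
}
// True when secure_zero overwrote every character of a live buffer.
bool wipes_in_place() {
    std::string s("constructed-sample-password");
    secure_zero(&s[0], s.size());
    return s.find_first_not_of('\0') == std::string::npos;
}

int main() {
    std::printf("no-op: %d live, portable: %d live, wiped: %d\n", live_after_scope<noop_deleter>(),
                live_after_scope<portable_zero_deleter>(), (int)wipes_in_place());
}
```

With the no-op deleter the credential string is neither freed nor wiped, so the plaintext stays in heap memory for the life of the process in addition to being reported as a leak.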