Unit test for secure allocator and tests for secure destruction

Christopher Dawes · Christopher Dawes · commit d57c64c52f79 · 2016-02-04T14:21:10.000Z
diff --git a/include/json/allocator.h b/include/json/allocator.h
@@ -5,6 +5,7 @@
 #ifndef CPPTL_JSON_ALLOCATOR_H_INCLUDED
 #define CPPTL_JSON_ALLOCATOR_H_INCLUDED
 
+#include <algorithm> //std::filln
 #include <cstring> // std::memset
 #include <cstddef> // std::size_t, std::ptrdiff_t
 #include <utility> // std::forward
@@ -33,16 +34,47 @@ class JSON_API SecureAllocator {
     using difference_type = std::ptrdiff_t;
 
     /**
-     * Release memory which was allocated for N items at pointer P.
-     *
-     * The memory block is filled with zeroes before being released.
-     * The pointer argument is tagged as "volatile" to prevent the
-     * compiler optimizing out this critical step.
-     */
-    void deallocate(volatile pointer p, size_type n) {
-      std::fill_n((volatile char*)p, n * sizeof(value_type), 0);
-      std::allocator<T>::deallocate(p, n);
-    }
+	 * Allocate memory for N items using the standard allocator.
+	 */
+	pointer allocate(size_type n) {
+		// allocate using "global operator new"
+		return static_cast<pointer>(::operator new(n * sizeof(T)));
+	}
+
+	/**
+	 * Release memory which was allocated for N items at pointer P.
+	 *
+	 * The memory block is filled with zeroes before being released.
+	 * The pointer argument is tagged as "volatile" to prevent the
+	 * compiler optimizing out this critical step.
+	 */
+	void deallocate(volatile pointer p, size_type n) {
+		std::fill_n((volatile char*)p, n * sizeof(value_type), 0);
+		// free using "global operator delete"
+		::operator delete(p);
+	}
+
+	/**
+	 * Construct an item in-place at pointer P.
+	 */
+	template<typename... Args>
+	void construct(pointer p, Args&&... args) {
+		// construct using "placement new" and "perfect forwarding"
+		::new (static_cast<void*>(p)) T(std::forward<Args>(args)...);
+	}
+
+	/**
+	 * Destroy an item in-place at pointer P.
+	 */
+	void destroy(pointer p) {
+		// destroy using "explicit destructor"
+		p->~T();
+	}
+
+	// Boilerplate
+	SecureAllocator() {}
+	template<typename U> SecureAllocator(const SecureAllocator<U>&) {}
+	template<typename U> struct rebind { using other = SecureAllocator<U>; };
 };
 
 template<typename T, typename U>
diff --git a/include/json/json.h b/include/json/json.h
@@ -6,6 +6,7 @@
 #ifndef JSON_JSON_H_INCLUDED
 #define JSON_JSON_H_INCLUDED
 
+#include "allocator.h"
 #include "autolink.h"
 #include "value.h"
 #include "reader.h"
diff --git a/include/json/writer.h b/include/json/writer.h
@@ -62,7 +62,7 @@ std::basic_string<char, _Traits, _Alloc> valueToQuotedStringN(const char* value,
     // sequence from occurring.
     default:
       if ((WriterUtils::isControlCharacter(*c)) || (*c == 0)) {
-        std::ostringstream oss;
+    	  std::basic_ostringstream<char, _Traits, _Alloc> oss;
         oss << "\\u" << std::hex << std::uppercase << std::setfill('0')
             << std::setw(4) << static_cast<int>(*c);
         result += oss.str();
@@ -201,7 +201,7 @@ std::basic_string<char, _Traits, _Alloc> valueToQuotedString(const char* value)
     // sequence from occurring.
     default:
       if (WriterUtils::isControlCharacter(*c)) {
-        std::ostringstream oss;
+    	std::basic_ostringstream<char, _Traits, _Alloc> oss;
         oss << "\\u" << std::hex << std::uppercase << std::setfill('0')
             << std::setw(4) << static_cast<int>(*c);
         result += oss.str();
@@ -241,7 +241,7 @@ std::basic_string<char, _Traits, _Alloc> JSON_API writeString(typename StreamWri
 #else
   typedef std::auto_ptr<StreamWriter<_Traits, _Alloc>>   StreamWriterPtr;
 #endif
-  std::ostringstream sout;
+  std::basic_ostringstream<char, _Traits, _Alloc> sout;
   StreamWriterPtr const writer(builder.newStreamWriter());
   writer->write(root, &sout);
   return sout.str();
diff --git a/src/test_lib_json/main.cpp b/src/test_lib_json/main.cpp
@@ -2519,6 +2519,20 @@ JSONTEST_FIXTURE(RValueTest, moveConstruction) {
 #endif
 }
 
+struct TestSecureAllocator : JsonTest::TestCase {};
+
+JSONTEST_FIXTURE(TestSecureAllocator, secureDestruction) {
+	using TestSecureValue = Json::Value<std::char_traits<char>, Json::SecureAllocator<char>>;
+
+	TestSecureValue myValue;
+	myValue["foo"] = "bar baz";
+	JSONTEST_ASSERT_EQUAL(Json::stringValue, myValue["foo"]);
+	JSONTEST_ASSERT_EQUAL(TestSecureValue("bar baz"), myValue["foo"]);
+
+	myValue["bar"] = 1234;
+	JSONTEST_ASSERT_EQUAL(TestSecureValue(1234), myValue["bar"]);
+}
+
 int main(int argc, const char* argv[]) {
   JsonTest::Runner runner;
   JSONTEST_REGISTER_FIXTURE(runner, ValueTest, checkNormalizeFloatingPointStr);
@@ -2594,5 +2608,7 @@ int main(int argc, const char* argv[]) {
 
   JSONTEST_REGISTER_FIXTURE(runner, RValueTest, moveConstruction);
 
+  JSONTEST_REGISTER_FIXTURE(runner, TestSecureAllocator, secureDestruction);
+
   return runner.runCommandLine(argc, argv);
 }
