rtoolbox/
safe_string.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
use std::convert::Into;
use std::ops::{Deref, DerefMut, Drop};
use std::{ptr, sync::atomic};

/// String that is zeroed when dropped
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SafeString {
    inner: String,
}

impl SafeString {
    pub fn new() -> SafeString {
        SafeString {
            inner: String::new(),
        }
    }

    pub fn from_string(inner: String) -> SafeString {
        SafeString { inner }
    }

    pub fn into_inner(mut self) -> String {
        std::mem::replace(&mut self.inner, String::new())
    }
}

impl Drop for SafeString {
    fn drop(&mut self) {
        let default = u8::default();

        for c in unsafe { self.inner.as_bytes_mut() } {
            unsafe { ptr::write_volatile(c, default) };
        }

        atomic::fence(atomic::Ordering::SeqCst);
        atomic::compiler_fence(atomic::Ordering::SeqCst);
    }
}

impl Deref for SafeString {
    type Target = String;

    fn deref(&self) -> &String {
        &self.inner
    }
}

impl DerefMut for SafeString {
    fn deref_mut(&mut self) -> &mut Self::Target {
        &mut self.inner
    }
}

impl Into<SafeString> for String {
    fn into(self) -> SafeString {
        SafeString::from_string(self)
    }
}

impl<'a> Into<SafeString> for &'a str {
    fn into(self) -> SafeString {
        self.to_string().into()
    }
}