memory leak in Linux using credentials class for basic auth

Open jyanezt opened this issue 3 years ago • 0 comments

Hi, I was trying web proxy basic auth in cpprestsdk for Ubuntu 20, and the leak sanitizer detected memory leaks. I think the problem comes from this function in web_utilities.h:

    details::plaintext_string _internal_decrypt() const
    {
        // Encryption APIs not supported on XP
    #if defined(_WIN32) && _WIN32_WINNT >= _WIN32_WINNT_VISTA
        return m_password.decrypt();
    #else
        return details::plaintext_string(new ::utility::string_t(m_password));
    #endif
    }

In the line executed for Linux, that plaintext_string currently has this definition:

    typedef std::unique_ptr<::utility::string_t, zero_memory_deleter> plaintext_string;

The problem is that the zero_memory_deleter, defined in web_utilities.cpp, isn't doing anything for Linux:

    void zero_memory_deleter::operator()(::utility::string_t* data) const
    {
        (void)data;
    #ifdef _WIN32
        SecureZeroMemory(&(*data)[0], data->size() * sizeof(::utility::string_t::value_type));
        delete data;
    #endif
    }

So the string is leaked when the plaintext_string is deleted. Shouldn't the delete data part be outside the #ifdef _WIN32? Or maybe a different deleter should be used for Linux?

jyanezt, Apr 03 '22 22:04
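The deleter behaviour discussed in the issue above, as an added example that is not part of the original post and is not cpprestsdk code: a deleter that wipes the buffer on any platform and frees it unconditionally. The `example` namespace, `zeroing_deleter`, `secure_zero`, `stats` and `roundtrip` are hypothetical names, and `std::string` stands in for `::utility::string_t`.

```cpp
// Added example (not cpprestsdk code): a unique_ptr deleter for a plaintext
// secret that zeroes the buffer and then always releases it.
#include <cstddef>
#include <memory>
#include <string>

namespace example {
// Hypothetical counters so the deleter's behaviour can be observed in a test.
struct wipe_stats { int wiped = 0; int freed = 0; };
inline wipe_stats& stats() { static wipe_stats s; return s; }

// Stores go through a volatile pointer so the compiler cannot discard them
// as dead writes just because the object is deleted immediately afterwards.
inline void secure_zero(void* p, std::size_t n)
{
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

struct zeroing_deleter
{
    void operator()(std::string* data) const
    {
        if (!data->empty())
        {
            secure_zero(&(*data)[0], data->size() * sizeof(std::string::value_type));
            bool all_zero = true; // confirm the wipe before the storage is released
            for (char c : *data) all_zero = all_zero && (c == '\0');
            if (all_zero) ++stats().wiped;
        }
        delete data; // outside any platform #ifdef: runs on every build
        ++stats().freed;
    }
};

using plaintext_string = std::unique_ptr<std::string, zeroing_deleter>;

// Mirrors the non-Windows branch of _internal_decrypt(): copy into a new string.
inline plaintext_string make_plaintext(const std::string& password)
{
    return plaintext_string(new std::string(password));
}

// Creates and destroys n secrets (constructed sample value); returns how many were freed.
inline int roundtrip(int n)
{
    int before = stats().freed;
    for (int i = 0; i < n; ++i) { auto p = make_plaintext("constructed-sample-password"); }
    return stats().freed - before;
}
} // namespace example
```

Wiping this copy only shortens the lifetime of the temporary: in the non-Windows branch quoted in the issue, the copy is built directly from `m_password`, so the original stays in memory for as long as the credentials object lives.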