Clear socks auth fields before free

src/or/buffers.c

@@ -1532,8 +1532,14 @@ socks_request_free(socks_request_t *req)
 {
   if (!req)
     return;
-  tor_free(req->username);
-  tor_free(req->password);
+  if (req->username) {
+    memset(req->username, 0x10, req->usernamelen);
+    tor_free(req->username);
+  }
+  if (req->password) {
+    memset(req->password, 0x04, req->passwordlen);
+    tor_free(req->password);
+  }
   memset(req, 0xCC, sizeof(socks_request_t));
   tor_free(req);
 }

src/or/circuitlist.c

@@ -552,8 +552,14 @@ circuit_free(circuit_t *circ)
     rend_data_free(ocirc->rend_data);
 
     tor_free(ocirc->dest_address);
-    tor_free(ocirc->socks_username);
-    tor_free(ocirc->socks_password);
+    if (ocirc->socks_username) {
+      memset(ocirc->socks_username, 0x12, ocirc->socks_username_len);
+      tor_free(ocirc->socks_username);
+    }
+    if (ocirc->socks_password) {
+      memset(ocirc->socks_password, 0x06, ocirc->socks_password_len);
+      tor_free(ocirc->socks_password);
+    }
   } else {
     or_circuit_t *ocirc = TO_OR_CIRCUIT(circ);
     /* Remember cell statistics for this circuit before deallocating. */

src/or/connection_edge.c

@@ -3569,8 +3569,14 @@ circuit_clear_isolation(origin_circuit_t *circ)
   tor_free(circ->dest_address);
   circ->session_group = -1;
   circ->nym_epoch = 0;
-  tor_free(circ->socks_username);
-  tor_free(circ->socks_password);
+  if (circ->socks_username) {
+    memset(circ->socks_username, 0x11, circ->socks_username_len);
+    tor_free(circ->socks_username);
+  }
+  if (circ->socks_password) {
+    memset(circ->socks_password, 0x05, circ->socks_password_len);
+    tor_free(circ->socks_password);
+  }
   circ->socks_username_len = circ->socks_password_len = 0;
 }