Browse Source

Refine the memwipe() arguments check for 18089 a little more.

We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
Nick Mathewson 8 years ago
parent
commit
6cb8c0fd4e
1 changed files with 3 additions and 1 deletions
  1. 3 1
      src/common/crypto.c

+ 3 - 1
src/common/crypto.c

@@ -2990,9 +2990,11 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 void
 memwipe(void *mem, uint8_t byte, size_t sz)
 {
-  if (mem == NULL || sz == 0) {
+  if (sz == 0) {
     return;
   }
+  /* If sz is nonzero, then mem must not be NULL. */
+  tor_assert(mem != NULL);
 
   /* Data this large is likely to be an underflow. */
   tor_assert(sz < SIZE_T_CEILING);