Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2

Nick Mathewson 13 years ago
parent
1393985768 ef6fa07e48
commit
a7790d48af
4 changed files with 19 additions and 3 deletions
Split View Show Diff Stats
  1. 6 0
      changes/bug2384
  2. 9 3
      src/common/crypto.c
  3. 2 0
      src/or/rendclient.c
  4. 2 0
      src/or/rendservice.c

+ 6 - 0
changes/bug2384
View File 

@@ -0,0 +1,6 @@
 
+  o Minor bugfixes
 
+    - Zero out a few more keys in memory before freeing them.  Fixes bug
 
+      2384 and part of bug 2385.  These key instances found by
 
+      "cypherpunks".  Bugfix on 0.0.2pre9.
 
+
 
+

+ 9 - 3
src/common/crypto.c
View File 

@@ -569,6 +569,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
 
 
   /* Try to parse it. */
 
   r = crypto_pk_read_private_key_from_string(env, contents, -1);
 
+  memset(contents, 0, strlen(contents));
 
   tor_free(contents);
 
   if (r)
 
     return -1; /* read_private_key_from_string already warned, so we don't.*/
 
@@ -706,6 +707,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
 
   s[len]='\0';
 
   r = write_str_to_file(fname, s, 0);
 
   BIO_free(bio);
 
+  memset(s, 0, strlen(s));
 
   tor_free(s);
 
   return r;
 
 }
 
@@ -1868,7 +1870,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
 
 {
 
   char *secret_tmp = NULL;
 
   BIGNUM *pubkey_bn = NULL;
 
-  size_t secret_len=0;
 
+  size_t secret_len=0, secret_tmp_len=0;
 
   int result=0;
 
   tor_assert(dh);
 
   tor_assert(secret_bytes_out/DIGEST_LEN <= 255);
 
@@ -1882,7 +1884,8 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
 
     log_fn(severity, LD_CRYPTO,"Rejected invalid g^x");
 
     goto error;
 
   }
 
-  secret_tmp = tor_malloc(crypto_dh_get_bytes(dh));
 
+  secret_tmp_len = crypto_dh_get_bytes(dh);
 
+  secret_tmp = tor_malloc(secret_tmp_len);
 
   result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh);
 
   if (result < 0) {
 
     log_warn(LD_CRYPTO,"DH_compute_key() failed.");
 
@@ -1901,7 +1904,10 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
 
   crypto_log_errors(LOG_WARN, "completing DH handshake");
 
   if (pubkey_bn)
 
     BN_free(pubkey_bn);
 
-  tor_free(secret_tmp);
 
+  if (secret_tmp) {
 
+    memset(secret_tmp, 0, secret_tmp_len);
 
+    tor_free(secret_tmp);
 
+  }
 
   if (result < 0)
 
     return result;
 
   else

+ 2 - 0
src/or/rendclient.c
View File 

@@ -673,8 +673,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
 
    * attach only the connections that are waiting on this circuit, rather
 
    * than trying to attach them all. See comments bug 743. */
 
   connection_ap_attach_pending();
 
+  memset(keys, 0, sizeof(keys));
 
   return 0;
 
  err:
 
+  memset(keys, 0, sizeof(keys));
 
   circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
 
   return -1;
 
 }

+ 2 - 0
src/or/rendservice.c
View File 

@@ -1165,8 +1165,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 
   memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
 
   if (extend_info) extend_info_free(extend_info);
 
 
+  memset(keys, 0, sizeof(keys));
 
   return 0;
 
  err:
 
+  memset(keys, 0, sizeof(keys));
 
   if (dh) crypto_dh_free(dh);
 
   if (launched)
 
     circuit_mark_for_close(TO_CIRCUIT(launched), reason);