We used to only zero the first ptrsize bytes of the cipher. Since cipher is large enough, we didn't zero too many bytes. Discovered and fixed by ekir. Fixes bug 1254.
@@ -1,3 +1,9 @@
+Changes in version 0.2.1.25 - 2010-??-??
+ o Major bugfixes:
+ - When freeing a cipher, zero it out completely. We only zeroed
+ the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
+ and patched by ekir. Fixes bug 1254.
+
Changes in version 0.2.1.24 - 2010-02-21
Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
for sure!
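Review bot: The new entry under "Major bugfixes" for 0.2.1.25 states that only the first ptrsize bytes were zeroed but not what that left behind. Since this is filed as a major fix, say explicitly that the rest of the cipher structure was left un-zeroed when freed, and word it as "Previously, we only zeroed the first ptrsize bytes" so the old behaviour is not read as the current one. The "2010-??-??" date placeholder also needs to be filled in before the release is cut.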
@@ -267,7 +267,7 @@ aes_free_cipher(aes_cnt_cipher_t *cipher)
#ifdef USE_OPENSSL_EVP
EVP_CIPHER_CTX_cleanup(&cipher->key);
#endif
- memset(cipher, 0, sizeof(cipher));
+ memset(cipher, 0, sizeof(aes_cnt_cipher_t));
tor_free(cipher);
}
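Review bot: In the replaced memset line of aes_free_cipher, prefer sizeof(*cipher) to sizeof(aes_cnt_cipher_t). It ties the length to whatever cipher points at, so it stays correct if the parameter's type is ever changed, and it makes the contrast with the old sizeof(cipher), which measured the pointer, easy to see. Separately, this memset is the last write to the object before tor_free(cipher), which is the pattern a compiler is permitted to drop as a dead store; a wipe helper that cannot be optimised away would make the zeroing dependable, and a short comment above the call saying why the structure is cleared would help the next reader.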