
Fix a couple of non-cleared key issues in hidden services

we need to do more hunting, but this fixes the ones mentioned in 2385.
Nick Mathewson hace 13 años
padre
commit
ef6fa07e48
Se han modificado 3 ficheros con 6 adiciones y 1 borrados
  1. 2 1
      changes/bug2384
  2. 2 0
      src/or/rendclient.c
  3. 2 0
      src/or/rendservice.c

+ 2 - 1
changes/bug2384

@@ -1,5 +1,6 @@
   o Minor bugfixes
     - Zero out a few more keys in memory before freeing them.  Fixes bug
-      2384.  Found by cypherpunks.  Bugfix on 0.0.2pre9.
+      2384 and part of bug 2385.  These key instances found by
+      "cypherpunks".  Bugfix on 0.0.2pre9.
 
 

+ 2 - 0
src/or/rendclient.c

@@ -717,8 +717,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
    * attach only the connections that are waiting on this circuit, rather
    * than trying to attach them all. See comments bug 743. */
   connection_ap_attach_pending();
+  memset(keys, 0, sizeof(keys));
   return 0;
  err:
+  memset(keys, 0, sizeof(keys));
   circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
   return -1;
 }
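Review bot: The two added `memset(keys, 0, sizeof(keys));` calls run just before the function returns (before `return 0;` and at the top of the `err:` exit), so if `keys` is a local array, whose declaration is outside this hunk, they are dead stores that an optimizing compiler is permitted to drop, leaving the key material on the stack. The same applies to both memsets added in the src/or/rendservice.c hunk. I would route these through a wipe the optimizer cannot elide, for example a small helper that writes through a `volatile` pointer or wraps the platform's `explicit_bzero`/`SecureZeroMemory`; later Tor releases provide `memwipe()` for this purpose. Note also that `sizeof(keys)` covers the whole buffer only if `keys` is an array rather than a pointer, which cannot be confirmed from the visible lines.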

+ 2 - 0
src/or/rendservice.c

@@ -1214,8 +1214,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
   if (extend_info) extend_info_free(extend_info);
 
+  memset(keys, 0, sizeof(keys));
   return 0;
  err:
+  memset(keys, 0, sizeof(keys));
   if (dh) crypto_dh_free(dh);
   if (launched)
     circuit_mark_for_close(TO_CIRCUIT(launched), reason);
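Review bot: The wipe is duplicated at the success exit and under `err:`, and nothing next to either call says why, so a `return` added later elsewhere in rend_service_introduce (its body starts outside this hunk) would silently skip it. A comment at the first call, such as `/* keys holds handshake key material; clear it on every exit path */`, would make the invariant explicit for the next editor. Other locals that may hold secret material earlier in the function are not visible here, and the commit message itself says more hunting is needed.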