Zero a cipher completely before freeing it

We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
Sebastian Hahn 15 years ago
parent
commit
f5112fa487
2 changed files with 4 additions and 1 deletions
  1. 3 0
      ChangeLog
  2. 1 1
      src/common/aes.c

+ 3 - 0
ChangeLog

@@ -45,6 +45,9 @@ Changes in version 0.2.2.9-alpha - 2010-02-22
     - Fix a spec conformance issue: the network-status-version token
     - Fix a spec conformance issue: the network-status-version token
       must be the first token in a v3 consensus or vote. Discovered by
       must be the first token in a v3 consensus or vote. Discovered by
       parakeep. Bugfix on 0.2.0.3-alpha.
       parakeep. Bugfix on 0.2.0.3-alpha.
+    - When freeing a cipher, zero it out completely. We only zeroed
+      the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
+      and patched by ekir. Fixes bug 1254.
 
 
   o Code simplifications and refactoring:
   o Code simplifications and refactoring:
     - Generate our manpage and HTML documentation using Asciidoc. This
     - Generate our manpage and HTML documentation using Asciidoc. This
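Review bot: The new ChangeLog entry says only that "the first ptrsize bytes" were zeroed, without stating the consequence. Suggest spelling out that the remainder of the cipher structure was left uncleared in freed memory, and writing "pointer-sized" rather than "ptrsize" so the entry reads clearly to someone who has not seen the `sizeof(cipher)` bug in aes.c.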

+ 1 - 1
src/common/aes.c

@@ -268,7 +268,7 @@ aes_free_cipher(aes_cnt_cipher_t *cipher)
 #ifdef USE_OPENSSL_EVP
 #ifdef USE_OPENSSL_EVP
   EVP_CIPHER_CTX_cleanup(&cipher->key);
   EVP_CIPHER_CTX_cleanup(&cipher->key);
 #endif
 #endif
-  memset(cipher, 0, sizeof(cipher));
+  memset(cipher, 0, sizeof(aes_cnt_cipher_t));
   tor_free(cipher);
   tor_free(cipher);
 }
 }
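Review bot: On the changed `memset` line in aes_free_cipher(), prefer `sizeof(*cipher)` over `sizeof(aes_cnt_cipher_t)`. The original bug was a sizeof that did not match the pointed-to object, and `memset(cipher, 0, sizeof(*cipher));` keeps the length tied to the pointer's declared type if that type is ever renamed or changed. Separately, a plain memset directly before `tor_free(cipher)` is a store to memory that is never read again, which an optimizing compiler is allowed to drop; since the purpose here is clearing cipher state, consider a wipe that cannot be elided (for example a call through a volatile function pointer or a platform secure-zero routine) and a short comment saying why the clear is there.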