Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a90affa84b
Branches Tags
tor
/
changes
/
bug7352

bug7352 687 B
History Raw

123456789101112 
  1.   o Major bugfixes:
    2. 

  2.     - Tor tries to wipe potentially sensitive data after using it, so
    3. 

  3.       that if some subsequent security failure exposes Tor's memory,
    4. 

  4.       the damage will be limited. But we had a bug where the compiler
    5. 

  5.       was eliminating these wipe operations when it decided that the
    6. 

  6.       memory was no longer visible to a (correctly running) program,
    7. 

  7.       hence defeating our attempt at defense in depth. We fix that
    8. 

  8.       by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
    9. 

  9.       is unlikely to optimize away. Future versions of Tor may use
    10. 

  10.       a less ridiculously heavy approach for this. Fixes bug 7352.
    11. 

  11.       Reported in an article by Andrey Karpov.
    12. 

  12.