Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Zero a cipher completely before freeing it

We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.
Sebastian Hahn 15 years ago
parent
5e5bc8724e
commit
a9802d3322
2 changed files with 7 additions and 1 deletions
Split View Show Diff Stats
  1. 6 0
      ChangeLog
  2. 1 1
      src/common/aes.c

+ 6 - 0
ChangeLog
View File 

@@ -1,3 +1,9 @@
 
+Changes in version 0.2.1.25 - 2010-??-??
 
+  o Major bugfixes:
 
+    - When freeing a cipher, zero it out completely. We only zeroed
 
+      the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
 
+      and patched by ekir. Fixes bug 1254.
 
+
 
 Changes in version 0.2.1.24 - 2010-02-21
 
   Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
 
   for sure!

+ 1 - 1
src/common/aes.c
View File 

@@ -267,7 +267,7 @@ aes_free_cipher(aes_cnt_cipher_t *cipher)
 
 #ifdef USE_OPENSSL_EVP
 
   EVP_CIPHER_CTX_cleanup(&cipher->key);
 
 #endif
 
-  memset(cipher, 0, sizeof(cipher));
 
+  memset(cipher, 0, sizeof(aes_cnt_cipher_t));
 
   tor_free(cipher);
 
 }