Refine the memwipe() arguments check for 18089 a little more.

We still silently ignore memwipe(NULL, ch, 0); and memwipe(ptr, ch, 0); /* for ptr != NULL */ But we now assert on: memwipe(NULL, ch, 30);
author: Nick Mathewson <nickm@torproject.org> 2016-01-19 08:28:58 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-02-07 08:33:51 -0500
commit: 6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7 (patch)
tree: ab02641fdcb9e66ea2d00c52be5e999c1d2f7ff7
parent: fb7d1f41b409761be3381efaeec0f56d2a470a9f (diff)
download: tor-6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7.tar.gz
tor-6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index f91391780a..522c1375c9 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2990,9 +2990,11 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 void
 memwipe(void *mem, uint8_t byte, size_t sz)
 {
-  if (mem == NULL || sz == 0) {
+  if (sz == 0) {
     return;
   }
+  /* If sz is nonzero, then mem must not be NULL. */
+  tor_assert(mem != NULL);
 
   /* Data this large is likely to be an underflow. */
   tor_assert(sz < SIZE_T_CEILING);
author	Nick Mathewson <nickm@torproject.org>	2016-01-19 08:28:58 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-02-07 08:33:51 -0500
commit	6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7 (patch)
tree	ab02641fdcb9e66ea2d00c52be5e999c1d2f7ff7
parent	fb7d1f41b409761be3381efaeec0f56d2a470a9f (diff)
download	tor-6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7.tar.gz tor-6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7.zip