authorGeorge Kadianakis <desnacked@riseup.net>2020-08-11 14:53:03 +0300
committerGeorge Kadianakis <desnacked@riseup.net>2020-08-11 14:53:03 +0300
commitab9c35f04353c00323068ec5dc46b2995a9b69bf (patch)
tree390a3b4f064551449dddd4474fe7f2a6c2bc7b89
parent7d80bf80fe9017e04fff4b588f49d0393332ebee (diff)
parentea876ab00e223b0c1ba022cc27861cfbbde31b64 (diff)
Merge remote-tracking branch 'tor-gitlab/mr/102' into maint-0.4.4
-rw-r--r--changes/ticket61983
-rw-r--r--src/core/mainloop/connection.c8
-rw-r--r--src/lib/crypt_ops/crypto_util.c14
-rw-r--r--src/lib/crypt_ops/crypto_util.h10
4 files changed, 31 insertions, 4 deletions
diff --git a/changes/ticket6198 b/changes/ticket6198
new file mode 100644
index 0000000000..7f3fdf2fa7
--- /dev/null
+++ b/changes/ticket6198
@@ -0,0 +1,3 @@
+ o Minor features (defense in depth):
+ - Wipe more data from connection address fields before returning them to
+ the memory heap. Closes ticket 6198.
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 36adc43d1e..fd5bf879c5 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -646,7 +646,7 @@ connection_free_minimal(connection_t *conn)
}
}
- tor_free(conn->address);
+ tor_str_wipe_and_free(conn->address);
if (connection_speaks_cells(conn)) {
or_connection_t *or_conn = TO_OR_CONN(conn);
@@ -666,7 +666,7 @@ connection_free_minimal(connection_t *conn)
}
or_handshake_state_free(or_conn->handshake_state);
or_conn->handshake_state = NULL;
- tor_free(or_conn->nickname);
+ tor_str_wipe_and_free(or_conn->nickname);
if (or_conn->chan) {
/* Owww, this shouldn't happen, but... */
channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
@@ -686,8 +686,8 @@ connection_free_minimal(connection_t *conn)
}
if (conn->type == CONN_TYPE_AP) {
entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
- tor_free(entry_conn->chosen_exit_name);
- tor_free(entry_conn->original_dest_address);
+ tor_str_wipe_and_free(entry_conn->chosen_exit_name);
+ tor_str_wipe_and_free(entry_conn->original_dest_address);
if (entry_conn->socks_request)
socks_request_free(entry_conn->socks_request);
if (entry_conn->pending_optimistic_data) {
diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c
index 60e81af165..7ebb860d09 100644
--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@@ -107,3 +107,17 @@ memwipe(void *mem, uint8_t byte, size_t sz)
**/
memset(mem, byte, sz);
}
+
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers.
+ **/
+void
+tor_str_wipe_and_free_(char *str)
+{
+ if (!str)
+ return;
+ memwipe(str, 0, strlen(str));
+ tor_free_(str);
+}
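Review bot: The wipe in `tor_str_wipe_and_free_` covers only `strlen(str)` bytes, so any data left in the allocation past the first NUL (for example, if the string was ever shortened in place) goes back to the heap unwiped. The function cannot know the allocation size from this signature, so the doc comment should state that limit rather than say "all memory". The comment's first sentence is also missing its verb, both here and in the copy added above the macro in crypto_util.h; I would write `Securely wipe the bytes of <b>str</b> up to its terminating NUL, then free it.` in both places.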
diff --git a/src/lib/crypt_ops/crypto_util.h b/src/lib/crypt_ops/crypto_util.h
index 4c08180f92..36ee230176 100644
--- a/src/lib/crypt_ops/crypto_util.h
+++ b/src/lib/crypt_ops/crypto_util.h
@@ -14,8 +14,18 @@
#define TOR_CRYPTO_UTIL_H
#include "lib/cc/torint.h"
+#include "lib/malloc/malloc.h"
/** OpenSSL-based utility functions. */
void memwipe(void *mem, uint8_t byte, size_t sz);
+void tor_str_wipe_and_free_(char *str);
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers, and sets <b>str</b> to NULL.
+ **/
+#define tor_str_wipe_and_free(str) \
+ FREE_AND_NULL(char, tor_str_wipe_and_free_, (str))
+
#endif /* !defined(TOR_CRYPTO_UTIL_H) */