diff options
author | Nick Mathewson <nickm@torproject.org> | 2011-01-15 14:17:59 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-01-15 14:17:59 -0500 |
commit | 07888ed8e431b10d21d18e86092e20ddef0a2bca (patch) | |
tree | 02a81faf9ef9ff526a490f7c7c5c41d51ee59428 | |
parent | 1758ef51de8b44141184a36bcd36dea349d9e65d (diff) | |
parent | a7790d48af73760a2ae10fcff70b319914316b90 (diff) | |
download | tor-07888ed8e431b10d21d18e86092e20ddef0a2bca.tar.gz tor-07888ed8e431b10d21d18e86092e20ddef0a2bca.zip |
Merge remote branch 'origin/maint-0.2.2'
-rw-r--r-- | changes/bug2384 | 6 | ||||
-rw-r--r-- | src/common/crypto.c | 12 | ||||
-rw-r--r-- | src/or/rendclient.c | 2 | ||||
-rw-r--r-- | src/or/rendservice.c | 2 |
4 files changed, 19 insertions, 3 deletions
diff --git a/changes/bug2384 b/changes/bug2384 new file mode 100644 index 0000000000..ded5eee992 --- /dev/null +++ b/changes/bug2384 @@ -0,0 +1,6 @@ + o Minor bugfixes + - Zero out a few more keys in memory before freeing them. Fixes bug + 2384 and part of bug 2385. These key instances found by + "cypherpunks". Bugfix on 0.0.2pre9. + + diff --git a/src/common/crypto.c b/src/common/crypto.c index 668851a93f..1c0b21f722 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -569,6 +569,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, /* Try to parse it. */ r = crypto_pk_read_private_key_from_string(env, contents, -1); + memset(contents, 0, strlen(contents)); tor_free(contents); if (r) return -1; /* read_private_key_from_string already warned, so we don't.*/ @@ -706,6 +707,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, s[len]='\0'; r = write_str_to_file(fname, s, 0); BIO_free(bio); + memset(s, 0, strlen(s)); tor_free(s); return r; } @@ -1868,7 +1870,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh, { char *secret_tmp = NULL; BIGNUM *pubkey_bn = NULL; - size_t secret_len=0; + size_t secret_len=0, secret_tmp_len=0; int result=0; tor_assert(dh); tor_assert(secret_bytes_out/DIGEST_LEN <= 255); @@ -1882,7 +1884,8 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh, log_fn(severity, LD_CRYPTO,"Rejected invalid g^x"); goto error; } - secret_tmp = tor_malloc(crypto_dh_get_bytes(dh)); + secret_tmp_len = crypto_dh_get_bytes(dh); + secret_tmp = tor_malloc(secret_tmp_len); result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh); if (result < 0) { log_warn(LD_CRYPTO,"DH_compute_key() failed."); @@ -1901,7 +1904,10 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh, crypto_log_errors(LOG_WARN, "completing DH handshake"); if (pubkey_bn) BN_free(pubkey_bn); - tor_free(secret_tmp); + if (secret_tmp) { + memset(secret_tmp, 0, secret_tmp_len); + tor_free(secret_tmp); + } if (result < 0) return result; else diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 1907d5a6cd..255c16bf08 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -674,8 +674,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, * attach only the connections that are waiting on this circuit, rather * than trying to attach them all. See comments bug 743. */ connection_ap_attach_pending(); + memset(keys, 0, sizeof(keys)); return 0; err: + memset(keys, 0, sizeof(keys)); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); return -1; } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 9f364b0a85..c920ecf040 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1166,8 +1166,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, memcpy(cpath->handshake_digest, keys, DIGEST_LEN); if (extend_info) extend_info_free(extend_info); + memset(keys, 0, sizeof(keys)); return 0; err: + memset(keys, 0, sizeof(keys)); if (dh) crypto_dh_free(dh); if (launched) circuit_mark_for_close(TO_CIRCUIT(launched), reason); |