Merge remote-tracking branch 'origin/maint-0.2.3'

Conflicts: src/common/crypto.c src/or/rendservice.c
author: Nick Mathewson <nickm@torproject.org> 2012-11-08 16:48:04 -0500
committer: Nick Mathewson <nickm@torproject.org> 2012-11-08 16:48:04 -0500
commit: 81deddb08c6b8bf644f663dcdc31720e365f68dc (patch)
tree: 9e67efdfb4451dcc169727dc0e64f8f5bfca95b8 /changes
parent: 9f3f5372b880b3372fd7b9fc98bd3d78f969390a (diff)
parent: 9ad4776e6150a29fdfff607721599eb04c6e76d7 (diff)
download: tor-81deddb08c6b8bf644f663dcdc31720e365f68dc.tar.gz
tor-81deddb08c6b8bf644f663dcdc31720e365f68dc.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug7352 b/changes/bug7352
new file mode 100644
index 0000000000..74a878dbe0
--- /dev/null
+++ b/changes/bug7352
@@ -0,0 +1,12 @@
+  o Major bugfixes:
+    - Tor tries to wipe potentially sensitive data after using it, so
+      that if some subsequent security failure exposes Tor's memory,
+      the damage will be limited. But we had a bug where the compiler
+      was eliminating these wipe operations when it decided that the
+      memory was no longer visible to a (correctly running) program,
+      hence defeating our attempt at defense in depth. We fix that
+      by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+      is unlikely to optimize away. Future versions of Tor may use
+      a less ridiculously heavy approach for this. Fixes bug 7352.
+      Reported in an article by Andrey Karpov.
+
author	Nick Mathewson <nickm@torproject.org>	2012-11-08 16:48:04 -0500
committer	Nick Mathewson <nickm@torproject.org>	2012-11-08 16:48:04 -0500
commit	81deddb08c6b8bf644f663dcdc31720e365f68dc (patch)
tree	9e67efdfb4451dcc169727dc0e64f8f5bfca95b8 /changes
parent	9f3f5372b880b3372fd7b9fc98bd3d78f969390a (diff)
parent	9ad4776e6150a29fdfff607721599eb04c6e76d7 (diff)
download	tor-81deddb08c6b8bf644f663dcdc31720e365f68dc.tar.gz tor-81deddb08c6b8bf644f663dcdc31720e365f68dc.zip