summaryrefslogtreecommitdiff
path: root/src/or/circuitlist.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2008-02-07 16:10:33 +0000
committerNick Mathewson <nickm@torproject.org>2008-02-07 16:10:33 +0000
commiteecc44dab8ad98246b2c4dbedf977113f1874f77 (patch)
treed1b52922bb8a1d03919bf0422ab2ea5e320e0ad3 /src/or/circuitlist.c
parent842a33ff20f1da87d64ae3922eab135dc37bde16 (diff)
downloadtor-eecc44dab8ad98246b2c4dbedf977113f1874f77.tar.gz
tor-eecc44dab8ad98246b2c4dbedf977113f1874f77.zip
r17963@catbus: nickm | 2008-02-07 10:14:25 -0500
Be more thorough about memory poisoning and clearing. Add an in-place version of aes_crypt in order to remove a memcpy from relay_crypt_one_payload. svn:r13414
Diffstat (limited to 'src/or/circuitlist.c')
-rw-r--r--src/or/circuitlist.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 67770ffd5a..13dd97fb76 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -378,10 +378,12 @@ static void
circuit_free(circuit_t *circ)
{
void *mem;
+ size_t memlen;
tor_assert(circ);
if (CIRCUIT_IS_ORIGIN(circ)) {
origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
mem = ocirc;
+ memlen = sizeof(origin_circuit_t);
tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC);
if (ocirc->build_state) {
if (ocirc->build_state->chosen_exit)
@@ -398,6 +400,7 @@ circuit_free(circuit_t *circ)
} else {
or_circuit_t *ocirc = TO_OR_CIRCUIT(circ);
mem = ocirc;
+ memlen = sizeof(or_circuit_t);
tor_assert(circ->magic == OR_CIRCUIT_MAGIC);
if (ocirc->p_crypto)
@@ -432,7 +435,7 @@ circuit_free(circuit_t *circ)
* "active" checks will be violated. */
cell_queue_clear(&circ->n_conn_cells);
- memset(circ, 0xAA, sizeof(circuit_t)); /* poison memory */
+ memset(circ, 0xAA, memlen); /* poison memory */
tor_free(mem);
}
@@ -499,7 +502,7 @@ circuit_free_cpath_node(crypt_path_t *victim)
if (victim->extend_info)
extend_info_free(victim->extend_info);
- victim->magic = 0xDEADBEEFu;
+ memset(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */
tor_free(victim);
}