diff options
| author | Andrea Shepard <andrea@persephoneslair.org> | 2012-06-15 19:54:54 -0700 |
|---|---|---|
| committer | Andrea Shepard <andrea@persephoneslair.org> | 2012-06-15 19:54:54 -0700 |
| commit | 9f55dfd915616436d00a4495bbca749a3ae7d287 (patch) | |
| tree | 7b08442f39397ba190f03d390cbdc184c7cea374 /src/or/rendservice.c | |
| parent | c37b8023b70f7667db342ffd4c998df6b929f4e4 (diff) | |
| download | tor-9f55dfd915616436d00a4495bbca749a3ae7d287.tar.gz tor-9f55dfd915616436d00a4495bbca749a3ae7d287.zip | |
Clean up keys on stack in rend_service_load_keys()
Diffstat (limited to 'src/or/rendservice.c')
| -rw-r--r-- | src/or/rendservice.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 11e80b70f9..2713596903 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -617,6 +617,8 @@ rend_service_load_keys(void) int r = 0; char fname[512]; char buf[1500]; + char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1]; + char service_id[16+1]; SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) { if (s->private_key) @@ -709,8 +711,6 @@ rend_service_load_keys(void) * ones if a client is new. */ SMARTLIST_FOREACH_BEGIN(s->clients, rend_authorized_client_t *, client) { - char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1]; - char service_id[16+1]; rend_authorized_client_t *parsed = strmap_get(parsed_clients, client->client_name); int written; @@ -727,6 +727,9 @@ rend_service_load_keys(void) REND_DESC_COOKIE_LEN) < 0) { log_warn(LD_BUG, "Could not base64-encode descriptor cookie."); strmap_free(parsed_clients, rend_authorized_client_strmap_item_free); + /* Clear these here for the early error exit */ + memset(desc_cook_out, 0, sizeof(desc_cook_out)); + memset(service_id, 0, sizeof(service_id)); return -1; } /* Copy client key from parsed entry or create new one if required. */ @@ -823,6 +826,9 @@ rend_service_load_keys(void) tor_free(client_keys_str); strmap_free(parsed_clients, rend_authorized_client_strmap_item_free); if (r<0) { + /* Clear these here for the early error exit */ + memset(desc_cook_out, 0, sizeof(desc_cook_out)); + memset(service_id, 0, sizeof(service_id)); if (open_cfile) abort_writing_to_file(open_cfile); if (open_hfile) @@ -833,7 +839,18 @@ rend_service_load_keys(void) finish_writing_to_file(open_hfile); } } + + /* + * Clear stack buffers that held key-derived material; we do this here + * for each iteration so that we don't have to put this before all of + * the early error exits (check/create directory, check service file, + * and so forth) that otherwise might have leftover key from the + * previous iteration on the stack. + */ + memset(desc_cook_out, 0, sizeof(desc_cook_out)); + memset(service_id, 0, sizeof(service_id)); } SMARTLIST_FOREACH_END(s); + return r; } |