diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-11-07 16:09:58 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-11-08 16:44:50 -0500 |
| commit | 49dd5ef3a3d1775fdc3c0a7d069d3097b3baeeec (patch) | |
| tree | 7189ed200ae8f47bf7d3399d0b99243dc93bced3 /src/or | |
| parent | 758428dd32128874cefacc92ef63c1b5bc9a656e (diff) | |
| download | tor-49dd5ef3a3d1775fdc3c0a7d069d3097b3baeeec.tar.gz tor-49dd5ef3a3d1775fdc3c0a7d069d3097b3baeeec.zip | |
Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope. I've gone with the safest
possible replacement, which might be a bit slow. I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.
Fixes bug 7352.
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/buffers.c | 6 | ||||
| -rw-r--r-- | src/or/circuitlist.c | 8 | ||||
| -rw-r--r-- | src/or/connection.c | 2 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 4 | ||||
| -rw-r--r-- | src/or/connection_or.c | 8 | ||||
| -rw-r--r-- | src/or/networkstatus.c | 2 | ||||
| -rw-r--r-- | src/or/onion.c | 24 | ||||
| -rw-r--r-- | src/or/rendclient.c | 4 | ||||
| -rw-r--r-- | src/or/rendservice.c | 4 | ||||
| -rw-r--r-- | src/or/routerparse.c | 2 |
10 files changed, 32 insertions, 32 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c index 9acc22971a..ad5ab83e4f 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1546,14 +1546,14 @@ socks_request_free(socks_request_t *req) if (!req) return; if (req->username) { - memset(req->username, 0x10, req->usernamelen); + memwipe(req->username, 0x10, req->usernamelen); tor_free(req->username); } if (req->password) { - memset(req->password, 0x04, req->passwordlen); + memwipe(req->password, 0x04, req->passwordlen); tor_free(req->password); } - memset(req, 0xCC, sizeof(socks_request_t)); + memwipe(req, 0xCC, sizeof(socks_request_t)); tor_free(req); } diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 7ed942c8fe..93ba69dcf0 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -612,11 +612,11 @@ circuit_free(circuit_t *circ) tor_free(ocirc->dest_address); if (ocirc->socks_username) { - memset(ocirc->socks_username, 0x12, ocirc->socks_username_len); + memwipe(ocirc->socks_username, 0x12, ocirc->socks_username_len); tor_free(ocirc->socks_username); } if (ocirc->socks_password) { - memset(ocirc->socks_password, 0x06, ocirc->socks_password_len); + memwipe(ocirc->socks_password, 0x06, ocirc->socks_password_len); tor_free(ocirc->socks_password); } } else { @@ -657,7 +657,7 @@ circuit_free(circuit_t *circ) * "active" checks will be violated. */ cell_queue_clear(&circ->n_conn_cells); - memset(mem, 0xAA, memlen); /* poison memory */ + memwipe(mem, 0xAA, memlen); /* poison memory */ tor_free(mem); } @@ -721,7 +721,7 @@ circuit_free_cpath_node(crypt_path_t *victim) crypto_dh_free(victim->dh_handshake_state); extend_info_free(victim->extend_info); - memset(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */ + memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */ tor_free(victim); } diff --git a/src/or/connection.c b/src/or/connection.c index 364e4912da..eac9c4f32b 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -561,7 +561,7 @@ _connection_free(connection_t *conn) } #endif - memset(mem, 0xCC, memlen); /* poison memory */ + memwipe(mem, 0xCC, memlen); /* poison memory */ tor_free(mem); } diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 1592033c54..9563ca6222 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3709,11 +3709,11 @@ circuit_clear_isolation(origin_circuit_t *circ) circ->session_group = -1; circ->nym_epoch = 0; if (circ->socks_username) { - memset(circ->socks_username, 0x11, circ->socks_username_len); + memwipe(circ->socks_username, 0x11, circ->socks_username_len); tor_free(circ->socks_username); } if (circ->socks_password) { - memset(circ->socks_password, 0x05, circ->socks_password_len); + memwipe(circ->socks_password, 0x05, circ->socks_password_len); tor_free(circ->socks_password); } circ->socks_username_len = circ->socks_password_len = 0; diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 6293fe881d..5eecee0740 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1657,7 +1657,7 @@ or_handshake_state_free(or_handshake_state_t *state) crypto_digest_free(state->digest_received); tor_cert_free(state->auth_cert); tor_cert_free(state->id_cert); - memset(state, 0xBE, sizeof(or_handshake_state_t)); + memwipe(state, 0xBE, sizeof(or_handshake_state_t)); tor_free(state); } @@ -1698,7 +1698,7 @@ or_handshake_state_record_cell(or_handshake_state_t *state, this very often at all. */ cell_pack(&packed, cell); crypto_digest_add_bytes(d, packed.body, sizeof(packed.body)); - memset(&packed, 0, sizeof(packed)); + memwipe(&packed, 0, sizeof(packed)); } /** Remember that a variable-length <b>cell</b> has been transmitted (if @@ -1733,7 +1733,7 @@ or_handshake_state_record_var_cell(or_handshake_state_t *state, crypto_digest_add_bytes(d, buf, sizeof(buf)); crypto_digest_add_bytes(d, (const char *)cell->payload, cell->payload_len); - memset(buf, 0, sizeof(buf)); + memwipe(buf, 0, sizeof(buf)); } /** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems @@ -2090,7 +2090,7 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn) connection_or_write_var_cell_to_buf(cell, conn); var_cell_free(cell); - memset(challenge, 0, sizeof(challenge)); + memwipe(challenge, 0, sizeof(challenge)); return 0; } diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index fadaf90da4..2553a74e50 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -413,7 +413,7 @@ networkstatus_vote_free(networkstatus_t *ns) digestmap_free(ns->desc_digest_map, NULL); - memset(ns, 11, sizeof(*ns)); + memwipe(ns, 11, sizeof(*ns)); tor_free(ns); } diff --git a/src/or/onion.c b/src/or/onion.c index ff1556c3e1..f8c4d72b5a 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -206,12 +206,12 @@ onion_skin_create(crypto_pk_t *dest_router_key, PK_PKCS1_OAEP_PADDING, 1)<0) goto err; - memset(challenge, 0, sizeof(challenge)); + memwipe(challenge, 0, sizeof(challenge)); *handshake_state_out = dh; return 0; err: - memset(challenge, 0, sizeof(challenge)); + memwipe(challenge, 0, sizeof(challenge)); if (dh) crypto_dh_free(dh); return -1; } @@ -286,15 +286,15 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/ /* use the rest of the key material for our shared keys, digests, etc */ memcpy(key_out, key_material+DIGEST_LEN, key_out_len); - memset(challenge, 0, sizeof(challenge)); - memset(key_material, 0, key_material_len); + memwipe(challenge, 0, sizeof(challenge)); + memwipe(key_material, 0, key_material_len); tor_free(key_material); crypto_dh_free(dh); return 0; err: - memset(challenge, 0, sizeof(challenge)); + memwipe(challenge, 0, sizeof(challenge)); if (key_material) { - memset(key_material, 0, key_material_len); + memwipe(key_material, 0, key_material_len); tor_free(key_material); } if (dh) crypto_dh_free(dh); @@ -340,11 +340,11 @@ onion_skin_client_handshake(crypto_dh_t *handshake_state, /* use the rest of the key material for our shared keys, digests, etc */ memcpy(key_out, key_material+DIGEST_LEN, key_out_len); - memset(key_material, 0, key_material_len); + memwipe(key_material, 0, key_material_len); tor_free(key_material); return 0; err: - memset(key_material, 0, key_material_len); + memwipe(key_material, 0, key_material_len); tor_free(key_material); return -1; } @@ -381,8 +381,8 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */ memcpy(key_out, out+DIGEST_LEN, key_out_len); r = 0; done: - memset(tmp, 0, sizeof(tmp)); - memset(out, 0, out_len); + memwipe(tmp, 0, sizeof(tmp)); + memwipe(out, 0, out_len); tor_free(out); return r; } @@ -426,8 +426,8 @@ fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/ memcpy(key_out, out+DIGEST_LEN, key_out_len); r = 0; done: - memset(tmp, 0, sizeof(tmp)); - memset(out, 0, out_len); + memwipe(tmp, 0, sizeof(tmp)); + memwipe(out, 0, out_len); tor_free(out); return r; } diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 6c751be27d..3a0cd1a666 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -908,10 +908,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, circuit_try_attaching_streams(circ); - memset(keys, 0, sizeof(keys)); + memwipe(keys, 0, sizeof(keys)); return 0; err: - memset(keys, 0, sizeof(keys)); + memwipe(keys, 0, sizeof(keys)); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); return -1; } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 6af4778dfc..d235f089fc 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1404,10 +1404,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, memcpy(cpath->handshake_digest, keys, DIGEST_LEN); if (extend_info) extend_info_free(extend_info); - memset(keys, 0, sizeof(keys)); + memwipe(keys, 0, sizeof(keys)); return 0; err: - memset(keys, 0, sizeof(keys)); + memwipe(keys, 0, sizeof(keys)); if (dh) crypto_dh_free(dh); if (launched) circuit_mark_for_close(TO_CIRCUIT(launched), reason); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 2bf072b3cf..299d07d376 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4596,7 +4596,7 @@ tor_version_parse(const char *s, tor_version_t *out) if (close_paren-cp > HEX_DIGEST_LEN) return -1; hexlen = (int)(close_paren-cp); - memset(digest, 0, sizeof(digest)); + memwipe(digest, 0, sizeof(digest)); if ( hexlen == 0 || (hexlen % 2) == 1) return -1; if (base16_decode(digest, hexlen/2, cp, hexlen)) |