diff options
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-01-19 11:22:58 +1100 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-01-18 19:58:07 -0500 |
| commit | db8156533133836b19bca51f7fabba4d161b6ba2 (patch) | |
| tree | cd957b253c604a124b7e1a9ad2f9c0f4b68a5249 /src | |
| parent | c7b0cd9c2f52ca289515833060ac0b8461da2225 (diff) | |
| download | tor-db8156533133836b19bca51f7fabba4d161b6ba2.tar.gz tor-db8156533133836b19bca51f7fabba4d161b6ba2.zip | |
Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.
Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/crypto.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 218c7bea1e..4e0b38372d 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -3012,6 +3012,7 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) /** * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to * the value <b>byte</b>. + * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens. * * This function is preferable to memset, since many compilers will happily * optimize out memset() when they can convince themselves that the data being @@ -3029,6 +3030,13 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) void memwipe(void *mem, uint8_t byte, size_t sz) { + if (mem == NULL || sz == 0) { + return; + } + + /* Data this large is likely to be an underflow. */ + tor_assert(sz < SIZE_T_CEILING); + /* Because whole-program-optimization exists, we may not be able to just * have this function call "memset". A smart compiler could inline it, then * eliminate dead memsets, and declare itself to be clever. */ |