diff options
-rw-r--r-- | changes/bug2384 | 5 | ||||
-rw-r--r-- | src/common/crypto.c | 12 |
2 files changed, 14 insertions, 3 deletions
diff --git a/changes/bug2384 b/changes/bug2384 new file mode 100644 index 0000000000..5321814424 --- /dev/null +++ b/changes/bug2384 @@ -0,0 +1,5 @@ + o Minor bugfixes + - Zero out a few more keys in memory before freeing them. Fixes bug + 2384. Found by cypherpunks. Bugfix on 0.0.2pre9. + + diff --git a/src/common/crypto.c b/src/common/crypto.c index 208e1c5fe1..29137a834d 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -490,6 +490,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, /* Try to parse it. */ r = crypto_pk_read_private_key_from_string(env, contents, -1); + memset(contents, 0, strlen(contents)); tor_free(contents); if (r) return -1; /* read_private_key_from_string already warned, so we don't.*/ @@ -627,6 +628,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, s[len]='\0'; r = write_str_to_file(fname, s, 0); BIO_free(bio); + memset(s, 0, strlen(s)); tor_free(s); return r; } @@ -1688,7 +1690,7 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh, { char *secret_tmp = NULL; BIGNUM *pubkey_bn = NULL; - size_t secret_len=0; + size_t secret_len=0, secret_tmp_len=0; int result=0; tor_assert(dh); tor_assert(secret_bytes_out/DIGEST_LEN <= 255); @@ -1702,7 +1704,8 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh, log_warn(LD_CRYPTO,"Rejected invalid g^x"); goto error; } - secret_tmp = tor_malloc(crypto_dh_get_bytes(dh)); + secret_tmp_len = crypto_dh_get_bytes(dh); + secret_tmp = tor_malloc(secret_tmp_len); result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh); if (result < 0) { log_warn(LD_CRYPTO,"DH_compute_key() failed."); @@ -1721,7 +1724,10 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh, crypto_log_errors(LOG_WARN, "completing DH handshake"); if (pubkey_bn) BN_free(pubkey_bn); - tor_free(secret_tmp); + if (secret_tmp) { + memset(secret_tmp, 0, secret_tmp_len); + tor_free(secret_tmp); + } if (result < 0) return result; else |