Diffstat (limited to 'src')
-rw-r--r-- | src/core/mainloop/connection.c | 8 | ||||
-rw-r--r-- | src/feature/hs/hs_client.c | 14 | ||||
-rw-r--r-- | src/feature/rend/rendclient.c | 4 | ||||
-rw-r--r-- | src/lib/crypt_ops/crypto_util.c | 14 | ||||
-rw-r--r-- | src/lib/crypt_ops/crypto_util.h | 10 | ||||
-rw-r--r-- | src/win32/orconfig.h | 2 |
6 files changed, 41 insertions, 11 deletions
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index 36adc43d1e..fd5bf879c5 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -646,7 +646,7 @@ connection_free_minimal(connection_t *conn) } } - tor_free(conn->address); + tor_str_wipe_and_free(conn->address); if (connection_speaks_cells(conn)) { or_connection_t *or_conn = TO_OR_CONN(conn); @@ -666,7 +666,7 @@ connection_free_minimal(connection_t *conn) } or_handshake_state_free(or_conn->handshake_state); or_conn->handshake_state = NULL; - tor_free(or_conn->nickname); + tor_str_wipe_and_free(or_conn->nickname); if (or_conn->chan) { /* Owww, this shouldn't happen, but... */ channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan); @@ -686,8 +686,8 @@ connection_free_minimal(connection_t *conn) } if (conn->type == CONN_TYPE_AP) { entry_connection_t *entry_conn = TO_ENTRY_CONN(conn); - tor_free(entry_conn->chosen_exit_name); - tor_free(entry_conn->original_dest_address); + tor_str_wipe_and_free(entry_conn->chosen_exit_name); + tor_str_wipe_and_free(entry_conn->original_dest_address); if (entry_conn->socks_request) socks_request_free(entry_conn->socks_request); if (entry_conn->pending_optimistic_data) { diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 892f69a3a0..d9c5d8ca1d 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c 
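Review bot: The four `tor_str_wipe_and_free()` calls in `connection_free_minimal()` (on `conn->address`, `or_conn->nickname`, `entry_conn->chosen_exit_name` and `entry_conn->original_dest_address`) carry no comment saying why these strings are wiped instead of plainly freed. Without one, a string field added later is likely to get a plain `tor_free()`. A single comment above the first call would do, e.g. `/* Wipe peer and destination strings before freeing so they do not linger in freed heap memory. */`. In the third hunk, `entry_conn->socks_request` still goes through `socks_request_free()`; whether that path wipes the requested destination is not visible here and is worth checking for consistency. The function body starts and ends outside these hunks.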
@@ -778,10 +778,16 @@ client_rendezvous_circ_has_opened(origin_circuit_t *circ) * the v3 rendezvous protocol */ if (rp_ei) { const node_t *rp_node = node_get_by_id(rp_ei->identity_digest); - if (rp_node) { - if (BUG(!node_supports_v3_rendezvous_point(rp_node))) { - return; - } + if (rp_node && !node_supports_v3_rendezvous_point(rp_node)) { + /* Even tho we checked that this node supported v3 when we created the + rendezvous circuit, there is a chance that we might think it does + not support v3 anymore. This might happen if we got a new consensus + in the meanwhile, where the relay is still listed but its listed + descriptor digest has changed and hence we can't access its 'ri' or + 'md'. */ + log_info(LD_REND, "Rendezvous node %s did not support v3 after circuit " + "has opened.", safe_str_client(extend_info_describe(rp_ei))); + return; } } diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c index 09db7045fa..d33b61851f 100644 --- a/src/feature/rend/rendclient.c +++ b/src/feature/rend/rendclient.c @@ -261,8 +261,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc, > MAX_NICKNAME_LEN)) { goto perm_err; } - strncpy(tmp, rendcirc->build_state->chosen_exit->nickname, - (MAX_NICKNAME_LEN+1)); /* nul pads */ + strlcpy(tmp, rendcirc->build_state->chosen_exit->nickname, + sizeof(tmp)); memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie, REND_COOKIE_LEN); dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN; diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c index 60e81af165..7ebb860d09 100644 --- a/src/lib/crypt_ops/crypto_util.c +++ b/src/lib/crypt_ops/crypto_util.c @@ -107,3 +107,17 @@ memwipe(void *mem, uint8_t byte, size_t sz) **/ memset(mem, byte, sz); } + +/** + * Securely all memory in <b>str</b>, then free it. + * + * As tor_free(), tolerates null pointers. + **/ +void +tor_str_wipe_and_free_(char *str) +{ + if (!str) + return; + memwipe(str, 0, strlen(str)); + tor_free_(str); +} 
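Review bot: The new early `return` in `client_rendezvous_circ_has_opened()` leaves `circ` as it is, and the added comment explains how the condition can arise but not what happens to the circuit afterwards. The rest of the function is outside the hunk, so it cannot be told from here whether the caller or a timeout closes the circuit. One more sentence in the comment would settle it, along the lines of `We return without using this circuit; it is left for <cleanup path> to close.`, with the real cleanup path filled in. Also, "Even tho" in that comment should read "Even though".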
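Review bot: In `rend_client_send_introduction()`, switching from `strncpy(tmp, ..., MAX_NICKNAME_LEN+1)` to `strlcpy(tmp, ..., sizeof(tmp))` drops the zero padding that the removed `/* nul pads */` comment relied on. `strlcpy` writes only the nickname and one NUL, so the bytes between that NUL and `tmp+MAX_NICKNAME_LEN+1`, where the following `memcpy` places the rendezvous cookie, keep whatever `tmp` held before. Unless `tmp` is zeroed earlier in the function (not visible in this hunk), that can put uninitialized stack bytes into the outgoing payload. Adding `memset(tmp, 0, MAX_NICKNAME_LEN+1);` before the `strlcpy` restores the old field contents. `sizeof(tmp)` is the buffer size only if `tmp` is declared as an array, which is also outside the hunk.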
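Review bot: `tor_str_wipe_and_free_()` wipes `strlen(str)` bytes, so only the part of the allocation up to the first NUL is cleared. If a string was shortened in place, or lives in a larger buffer, the bytes past the terminator are freed unwiped, and the doc comment's "all memory in str" overstates what is done. I would state the limit in the comment, e.g. `Wipe the bytes of <b>str</b> up to its terminating NUL, then free it. Bytes of the allocation after the first NUL are not wiped.` The comment is also missing its verb ("Securely all memory"); the same sentence is repeated above the `tor_str_wipe_and_free` macro in `crypto_util.h` and needs the same fix.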
diff --git a/src/lib/crypt_ops/crypto_util.h b/src/lib/crypt_ops/crypto_util.h index 4c08180f92..36ee230176 100644 --- a/src/lib/crypt_ops/crypto_util.h +++ b/src/lib/crypt_ops/crypto_util.h @@ -14,8 +14,18 @@ #define TOR_CRYPTO_UTIL_H #include "lib/cc/torint.h" +#include "lib/malloc/malloc.h" /** OpenSSL-based utility functions. */ void memwipe(void *mem, uint8_t byte, size_t sz); +void tor_str_wipe_and_free_(char *str); +/** + * Securely all memory in <b>str</b>, then free it. + * + * As tor_free(), tolerates null pointers, and sets <b>str</b> to NULL. + **/ +#define tor_str_wipe_and_free(str) \ + FREE_AND_NULL(char, tor_str_wipe_and_free_, (str)) + #endif /* !defined(TOR_CRYPTO_UTIL_H) */ diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index eb9b9c905f..bb8eb4c769 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -217,7 +217,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.4.4.3-alpha-dev" +#define VERSION "0.4.4.4-rc" #define HAVE_STRUCT_SOCKADDR_IN6 #define HAVE_STRUCT_IN6_ADDR |