From e2efa9e321972709933b6b9a68da035e1a91aa08 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 19 Jan 2016 08:28:58 -0500 Subject: Refine the memwipe() arguments check for 18089 a little more. We still silently ignore memwipe(NULL, ch, 0); and memwipe(ptr, ch, 0); /* for ptr != NULL */ But we now assert on: memwipe(NULL, ch, 30); --- src/common/crypto.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/common/crypto.c b/src/common/crypto.c index 4e0b38372d..8402ca079a 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -3030,9 +3030,11 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) void memwipe(void *mem, uint8_t byte, size_t sz) { - if (mem == NULL || sz == 0) { + if (sz == 0) { return; } + /* If sz is nonzero, then mem must not be NULL. */ + tor_assert(mem != NULL); /* Data this large is likely to be an underflow. */ tor_assert(sz < SIZE_T_CEILING); -- cgit v1.2.3-54-g00ecf