Merge remote branch 'origin/maint-0.2.2'

This commit is contained in:
Nick Mathewson 2011-01-15 14:17:59 -05:00
commit 07888ed8e4
4 changed files with 19 additions and 3 deletions

6
changes/bug2384 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes
- Zero out a few more keys in memory before freeing them. Fixes bug
2384 and part of bug 2385. These key instances found by
"cypherpunks". Bugfix on 0.0.2pre9.

View File

@ -569,6 +569,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
/* Try to parse it. */ /* Try to parse it. */
r = crypto_pk_read_private_key_from_string(env, contents, -1); r = crypto_pk_read_private_key_from_string(env, contents, -1);
memset(contents, 0, strlen(contents));
tor_free(contents); tor_free(contents);
if (r) if (r)
return -1; /* read_private_key_from_string already warned, so we don't.*/ return -1; /* read_private_key_from_string already warned, so we don't.*/
@ -706,6 +707,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
s[len]='\0'; s[len]='\0';
r = write_str_to_file(fname, s, 0); r = write_str_to_file(fname, s, 0);
BIO_free(bio); BIO_free(bio);
memset(s, 0, strlen(s));
tor_free(s); tor_free(s);
return r; return r;
} }
@ -1868,7 +1870,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
{ {
char *secret_tmp = NULL; char *secret_tmp = NULL;
BIGNUM *pubkey_bn = NULL; BIGNUM *pubkey_bn = NULL;
size_t secret_len=0; size_t secret_len=0, secret_tmp_len=0;
int result=0; int result=0;
tor_assert(dh); tor_assert(dh);
tor_assert(secret_bytes_out/DIGEST_LEN <= 255); tor_assert(secret_bytes_out/DIGEST_LEN <= 255);
@ -1882,7 +1884,8 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
log_fn(severity, LD_CRYPTO,"Rejected invalid g^x"); log_fn(severity, LD_CRYPTO,"Rejected invalid g^x");
goto error; goto error;
} }
secret_tmp = tor_malloc(crypto_dh_get_bytes(dh)); secret_tmp_len = crypto_dh_get_bytes(dh);
secret_tmp = tor_malloc(secret_tmp_len);
result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh); result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh);
if (result < 0) { if (result < 0) {
log_warn(LD_CRYPTO,"DH_compute_key() failed."); log_warn(LD_CRYPTO,"DH_compute_key() failed.");
@ -1901,7 +1904,10 @@ crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
crypto_log_errors(LOG_WARN, "completing DH handshake"); crypto_log_errors(LOG_WARN, "completing DH handshake");
if (pubkey_bn) if (pubkey_bn)
BN_free(pubkey_bn); BN_free(pubkey_bn);
tor_free(secret_tmp); if (secret_tmp) {
memset(secret_tmp, 0, secret_tmp_len);
tor_free(secret_tmp);
}
if (result < 0) if (result < 0)
return result; return result;
else else

View File

@ -674,8 +674,10 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
* attach only the connections that are waiting on this circuit, rather * attach only the connections that are waiting on this circuit, rather
* than trying to attach them all. See comments bug 743. */ * than trying to attach them all. See comments bug 743. */
connection_ap_attach_pending(); connection_ap_attach_pending();
memset(keys, 0, sizeof(keys));
return 0; return 0;
err: err:
memset(keys, 0, sizeof(keys));
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
return -1; return -1;
} }

View File

@ -1166,8 +1166,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
memcpy(cpath->handshake_digest, keys, DIGEST_LEN); memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
if (extend_info) extend_info_free(extend_info); if (extend_info) extend_info_free(extend_info);
memset(keys, 0, sizeof(keys));
return 0; return 0;
err: err:
memset(keys, 0, sizeof(keys));
if (dh) crypto_dh_free(dh); if (dh) crypto_dh_free(dh);
if (launched) if (launched)
circuit_mark_for_close(TO_CIRCUIT(launched), reason); circuit_mark_for_close(TO_CIRCUIT(launched), reason);