From a9802d3322f14e9649cbec354ffcf7e1cf266494 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Mon, 22 Feb 2010 11:39:29 +0100 Subject: [PATCH] Zero a cipher completely before freeing it We used to only zero the first ptrsize bytes of the cipher. Since cipher is large enough, we didn't zero too many bytes. Discovered and fixed by ekir. Fixes bug 1254. --- ChangeLog | 6 ++++++ src/common/aes.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 224b08e99d..24b0cc6d1a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Changes in version 0.2.1.25 - 2010-??-?? + o Major bugfixes: + - When freeing a cipher, zero it out completely. We only zeroed + the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered + and patched by ekir. Fixes bug 1254. + Changes in version 0.2.1.24 - 2010-02-21 Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time for sure! diff --git a/src/common/aes.c b/src/common/aes.c index e07665635b..224988915b 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -267,7 +267,7 @@ aes_free_cipher(aes_cnt_cipher_t *cipher) #ifdef USE_OPENSSL_EVP EVP_CIPHER_CTX_cleanup(&cipher->key); #endif - memset(cipher, 0, sizeof(cipher)); + memset(cipher, 0, sizeof(aes_cnt_cipher_t)); tor_free(cipher); }