Merge branch 'maint-0.4.4'

2024-11-10 13:13:44 +01:00 · 2020-08-11 14:54:26 +03:00 · 2020-08-11 14:54:26 +03:00 · b8003fbe99
commit b8003fbe99
parent 069946852a ab9c35f043
4 changed files with 31 additions and 4 deletions
--- a/changes/ticket6198
+++ b/changes/ticket6198
@ -0,0 +1,3 @@
+  o Minor features (defense in depth):
+    - Wipe more data from connection address fields before returning them to
+      the memory heap. Closes ticket 6198.
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@ -831,7 +831,7 @@ connection_free_minimal(connection_t *conn)
    }
  }

-  tor_free(conn->address);
+  tor_str_wipe_and_free(conn->address);

  if (connection_speaks_cells(conn)) {
    or_connection_t *or_conn = TO_OR_CONN(conn);
@ -851,7 +851,7 @@ connection_free_minimal(connection_t *conn)
    }
    or_handshake_state_free(or_conn->handshake_state);
    or_conn->handshake_state = NULL;
-    tor_free(or_conn->nickname);
+    tor_str_wipe_and_free(or_conn->nickname);
    if (or_conn->chan) {
      /* Owww, this shouldn't happen, but... */
      channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
@ -871,8 +871,8 @@ connection_free_minimal(connection_t *conn)
  }
  if (conn->type == CONN_TYPE_AP) {
    entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
-    tor_free(entry_conn->chosen_exit_name);
-    tor_free(entry_conn->original_dest_address);
+    tor_str_wipe_and_free(entry_conn->chosen_exit_name);
+    tor_str_wipe_and_free(entry_conn->original_dest_address);
    if (entry_conn->socks_request)
      socks_request_free(entry_conn->socks_request);
    if (entry_conn->pending_optimistic_data) {
--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@ -107,3 +107,17 @@ memwipe(void *mem, uint8_t byte, size_t sz)
   **/
  memset(mem, byte, sz);
 }
+
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers.
+ **/
+void
+tor_str_wipe_and_free_(char *str)
+{
+  if (!str)
+    return;
+  memwipe(str, 0, strlen(str));
+  tor_free_(str);
+}
--- a/src/lib/crypt_ops/crypto_util.h
+++ b/src/lib/crypt_ops/crypto_util.h
@ -14,8 +14,18 @@
 #define TOR_CRYPTO_UTIL_H

 #include "lib/cc/torint.h"
+#include "lib/malloc/malloc.h"

 /** OpenSSL-based utility functions. */
 void memwipe(void *mem, uint8_t byte, size_t sz);

+void tor_str_wipe_and_free_(char *str);
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers, and sets <b>str</b> to NULL.
+ **/
+#define tor_str_wipe_and_free(str)                      \
+  FREE_AND_NULL(char, tor_str_wipe_and_free_, (str))
+
 #endif /* !defined(TOR_CRYPTO_UTIL_H) */