mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
49dd5ef3a3
Apparently some compilers like to eliminate memset() operations on data that's about to go out-of-scope. I've gone with the safest possible replacement, which might be a bit slow. I don't think this is critical path in any way that will affect performance, but if it is, we can work on that in 0.2.4. Fixes bug 7352.
13 lines
687 B
Plaintext
13 lines
687 B
Plaintext
o Major bugfixes:
|
|
- Tor tries to wipe potentially sensitive data after using it, so
|
|
that if some subsequent security failure exposes Tor's memory,
|
|
the damage will be limited. But we had a bug where the compiler
|
|
was eliminating these wipe operations when it decided that the
|
|
memory was no longer visible to a (correctly running) program,
|
|
hence defeating our attempt at defense in depth. We fix that
|
|
by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
|
|
is unlikely to optimize away. Future versions of Tor may use
|
|
a less ridiculously heavy approach for this. Fixes bug 7352.
|
|
Reported in an article by Andrey Karpov.
|
|
|