Merge remote-tracking branch 'tor-gitlab/mr/102' into maint-0.4.4

ab9c35f0 · George Kadianakis · 7d80bf80 · ea876ab0 · ab9c35f0 · ab9c35f0
Commit ab9c35f0 authored Aug 11, 2020 by George Kadianakis
--- a/changes/ticket6198
+++ b/changes/ticket6198
+  o Minor features (defense in depth):
+    - Wipe more data from connection address fields before returning them to
+      the memory heap. Closes ticket 6198.
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -646,7 +646,7 @@ connection_free_minimal(connection_t *conn)
    }
  }

-  tor_free(conn->address);
+  tor_str_wipe_and_free(conn->address);

  if (connection_speaks_cells(conn)) {
    or_connection_t *or_conn = TO_OR_CONN(conn);
@@ -666,7 +666,7 @@ connection_free_minimal(connection_t *conn)
    }
    or_handshake_state_free(or_conn->handshake_state);
    or_conn->handshake_state = NULL;
-    tor_free(or_conn->nickname);
+    tor_str_wipe_and_free(or_conn->nickname);
    if (or_conn->chan) {
      /* Owww, this shouldn't happen, but... */
      channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
@@ -686,8 +686,8 @@ connection_free_minimal(connection_t *conn)
  }
  if (conn->type == CONN_TYPE_AP) {
    entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
-    tor_free(entry_conn->chosen_exit_name);
-    tor_free(entry_conn->original_dest_address);
+    tor_str_wipe_and_free(entry_conn->chosen_exit_name);
+    tor_str_wipe_and_free(entry_conn->original_dest_address);
    if (entry_conn->socks_request)
      socks_request_free(entry_conn->socks_request);
    if (entry_conn->pending_optimistic_data) {

--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@@ -107,3 +107,17 @@ memwipe(void *mem, uint8_t byte, size_t sz)
   **/
  memset(mem, byte, sz);
 }
+
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers.
+ **/
+void
+tor_str_wipe_and_free_(char *str)
+{
+  if (!str)
+    return;
+  memwipe(str, 0, strlen(str));
+  tor_free_(str);
+}
--- a/src/lib/crypt_ops/crypto_util.h
+++ b/src/lib/crypt_ops/crypto_util.h
@@ -14,8 +14,18 @@
 #define TOR_CRYPTO_UTIL_H

 #include "lib/cc/torint.h"
+#include "lib/malloc/malloc.h"

 /** OpenSSL-based utility functions. */
 void memwipe(void *mem, uint8_t byte, size_t sz);

+void tor_str_wipe_and_free_(char *str);
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers, and sets <b>str</b> to NULL.
+ **/
+#define tor_str_wipe_and_free(str)                      \
+  FREE_AND_NULL(char, tor_str_wipe_and_free_, (str))
+
 #endif /* !defined(TOR_CRYPTO_UTIL_H) */