Commit e2efa9e3 authored by Nick Mathewson

Refine the memwipe() arguments check for 18089 a little more.

We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
parent db815653
+3 −1
@@ -3030,9 +3030,11 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void
memwipe(void *mem, uint8_t byte, size_t sz)
{
  if (mem == NULL || sz == 0) {
  if (sz == 0) {
    return;
  }
  /* If sz is nonzero, then mem must not be NULL. */
  tor_assert(mem != NULL);

  /* Data this large is likely to be an underflow. */
  tor_assert(sz < SIZE_T_CEILING);
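Review bot: the early `if (sz == 0) return;` now runs before the NULL check, so `memwipe(NULL, ch, 0)` is accepted as a silent no-op while `memwipe(NULL, ch, 30)` trips `tor_assert(mem != NULL)`; that contract is only stated in the inline comment `/* If sz is nonzero, then mem must not be NULL. */`, and this hunk does not touch the function's doc comment, so consider stating the (NULL, 0) no-op and the assertion on (NULL, nonzero) there as well, since callers will read the header rather than the body. The order of the checks is otherwise sound: the size check precedes the NULL assertion, and the existing `tor_assert(sz < SIZE_T_CEILING)` still guards the underflow case after it. A small test that calls `memwipe(NULL, ch, 0)` and `memwipe(ptr, ch, 0)` and verifies they return without side effects would pin down the two cases the commit message lists as silently ignored.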