Loading changes/bug18089 0 → 100644 +6 −0 Original line number Diff line number Diff line o Minor fixes (security): - Make memwipe() do nothing when passed a NULL pointer or zero size. Check size argument to memwipe() for underflow. Closes bug #18089. Reported by "gk", patch by "teor". Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), commit 49dd5ef3 on 7 Nov 2012. src/common/crypto.c +8 −0 Original line number Diff line number Diff line Loading @@ -2556,6 +2556,7 @@ smartlist_shuffle(smartlist_t *sl) /** * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to * the value <b>byte</b>. * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens. * * This function is preferable to memset, since many compilers will happily * optimize out memset() when they can convince themselves that the data being Loading @@ -2573,6 +2574,13 @@ smartlist_shuffle(smartlist_t *sl) void memwipe(void *mem, uint8_t byte, size_t sz) { if (mem == NULL || sz == 0) { return; } /* Data this large is likely to be an underflow. */ tor_assert(sz < SIZE_T_CEILING); /* Because whole-program-optimization exists, we may not be able to just * have this function call "memset". A smart compiler could inline it, then * eliminate dead memsets, and declare itself to be clever. */ Loading Loading
changes/bug18089 0 → 100644 +6 −0 Original line number Diff line number Diff line o Minor fixes (security): - Make memwipe() do nothing when passed a NULL pointer or zero size. Check size argument to memwipe() for underflow. Closes bug #18089. Reported by "gk", patch by "teor". Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), commit 49dd5ef3 on 7 Nov 2012.
src/common/crypto.c +8 −0 Original line number Diff line number Diff line Loading @@ -2556,6 +2556,7 @@ smartlist_shuffle(smartlist_t *sl) /** * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to * the value <b>byte</b>. * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens. * * This function is preferable to memset, since many compilers will happily * optimize out memset() when they can convince themselves that the data being Loading @@ -2573,6 +2574,13 @@ smartlist_shuffle(smartlist_t *sl) void memwipe(void *mem, uint8_t byte, size_t sz) { if (mem == NULL || sz == 0) { return; } /* Data this large is likely to be an underflow. */ tor_assert(sz < SIZE_T_CEILING); /* Because whole-program-optimization exists, we may not be able to just * have this function call "memset". A smart compiler could inline it, then * eliminate dead memsets, and declare itself to be clever. */ Loading
