Zero a cipher completely before freeing it

author Sebastian Hahn <sebastian@torproject.org>

Mon, 22 Feb 2010 10:39:29 +0000 (11:39 +0100)

committer Sebastian Hahn <sebastian@torproject.org>

Fri, 26 Feb 2010 04:47:25 +0000 (05:47 +0100)
author Sebastian Hahn <sebastian@torproject.org>
Mon, 22 Feb 2010 10:39:29 +0000 (11:39 +0100)
committer Sebastian Hahn <sebastian@torproject.org>
Fri, 26 Feb 2010 04:47:25 +0000 (05:47 +0100)
diff --git a/ChangeLog b/ChangeLog

index 224b08e99d9b4da6618c562eace6f82f6b13f6db..24b0cc6d1a0ceab75ad94296b6fc611353bd6b4e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Changes in version 0.2.1.25 - 2010-??-??
+  o Major bugfixes:
+    - When freeing a cipher, zero it out completely. We only zeroed
+      the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
+      and patched by ekir. Fixes bug 1254.
+
  Changes in version 0.2.1.24 - 2010-02-21
    Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
    for sure!
diff --git a/src/common/aes.c b/src/common/aes.c

index e07665635b9894e0b78dd37910cfc42bbc720618..224988915bf16ccdd172b298d0c6be6616ec3649 100644 (file)
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -267,7 +267,7 @@ aes_free_cipher(aes_cnt_cipher_t *cipher)
  #ifdef USE_OPENSSL_EVP
    EVP_CIPHER_CTX_cleanup(&cipher->key);
  #endif
-  memset(cipher, 0, sizeof(cipher));
+  memset(cipher, 0, sizeof(aes_cnt_cipher_t));
    tor_free(cipher);
  }
author	Sebastian Hahn <sebastian@torproject.org>
	Mon, 22 Feb 2010 10:39:29 +0000 (11:39 +0100)
committer	Sebastian Hahn <sebastian@torproject.org>
	Fri, 26 Feb 2010 04:47:25 +0000 (05:47 +0100)
ChangeLog		patch \| blob \| blame \| history
src/common/aes.c		patch \| blob \| blame \| history