From: Andrea Shepard <andrea@persephoneslair.org>
Date: Sat, 16 Jun 2012 04:39:28 +0000 (-0700)
Subject: Clean up keys on stack in rend_client_refetch_v2_renddesc()
X-Git-Tag: tor-0.2.4.1-alpha~118^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f24b9b8c3d29143deb65dae34d2c35b940319e3;p=thirdparty%2Ftor.git

Clean up keys on stack in rend_client_refetch_v2_renddesc()
---

diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 39ba05a0a0..7208fb813b 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -674,10 +674,17 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
                                 time(NULL), chosen_replica) < 0) {
       log_warn(LD_REND, "Internal error: Computing v2 rendezvous "
                         "descriptor ID did not succeed.");
-      return;
+      /*
+       * Hmm, can this write anything to descriptor_id and still fail?
+       * Let's clear it just to be safe.
+       *
+       * From here on, any returns should goto done which clears
+       * descriptor_id so we don't leave key-derived material on the stack.
+       */
+      goto done;
     }
     if (directory_get_from_hs_dir(descriptor_id, rend_query) != 0)
-      return; /* either success or failure, but we're done */
+      goto done; /* either success or failure, but we're done */
   }
   /* If we come here, there are no hidden service directories left. */
   log_info(LD_REND, "Could not pick one of the responsible hidden "
@@ -685,6 +692,10 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
                     "we already tried them all unsuccessfully.");
   /* Close pending connections. */
   rend_client_desc_trynow(rend_query->onion_address);
+
+done:
+  memset(descriptor_id, 0, sizeof(descriptor_id));
+
   return;
 }