From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 19 Jan 2016 13:28:58 +0000 (-0500)
Subject: Refine the memwipe() arguments check for 18089 a little more.
X-Git-Tag: tor-0.2.6.11~22^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e2efa9e321972709933b6b9a68da035e1a91aa08;p=thirdparty%2Ftor.git

Refine the memwipe() arguments check for 18089 a little more.

We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
---

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 4e0b38372d..8402ca079a 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -3030,9 +3030,11 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
 void
 memwipe(void *mem, uint8_t byte, size_t sz)
 {
-  if (mem == NULL || sz == 0) {
+  if (sz == 0) {
     return;
   }
+  /* If sz is nonzero, then mem must not be NULL. */
+  tor_assert(mem != NULL);
 
   /* Data this large is likely to be an underflow. */
   tor_assert(sz < SIZE_T_CEILING);