[tor-commits] [tor/master] Clean up keys on stack in rend_client_refetch_v2_renddesc()

[nickm at torproject.org]

commit 7f24b9b8c3d29143deb65dae34d2c35b940319e3
Author: Andrea Shepard <andrea at persephoneslair.org>
Date:   Fri Jun 15 21:39:28 2012 -0700

    Clean up keys on stack in rend_client_refetch_v2_renddesc()
---
 src/or/rendclient.c |   15 +++++++++++++--
 1 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 39ba05a..7208fb8 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -674,10 +674,17 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
                                 time(NULL), chosen_replica) < 0) {
       log_warn(LD_REND, "Internal error: Computing v2 rendezvous "
                         "descriptor ID did not succeed.");
-      return;
+      /*
+       * Hmm, can this write anything to descriptor_id and still fail?
+       * Let's clear it just to be safe.
+       *
+       * From here on, any returns should goto done which clears
+       * descriptor_id so we don't leave key-derived material on the stack.
+       */
+      goto done;
     }
     if (directory_get_from_hs_dir(descriptor_id, rend_query) != 0)
-      return; /* either success or failure, but we're done */
+      goto done; /* either success or failure, but we're done */
   }
   /* If we come here, there are no hidden service directories left. */
   log_info(LD_REND, "Could not pick one of the responsible hidden "
@@ -685,6 +692,10 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
                     "we already tried them all unsuccessfully.");
   /* Close pending connections. */
   rend_client_desc_trynow(rend_query->onion_address);
+
+done:
+  memset(descriptor_id, 0, sizeof(descriptor_id));
+
   return;
 }