[tor-commits] [tor/release-0.2.9] Refine the memwipe() arguments check for 18089 a little more.

nickm at torproject.org nickm at torproject.org
Tue Feb 7 13:42:09 UTC 2017


commit 6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Jan 19 08:28:58 2016 -0500

    Refine the memwipe() arguments check for 18089 a little more.
    
    We still silently ignore
         memwipe(NULL, ch, 0);
    and
         memwipe(ptr, ch, 0);  /* for ptr != NULL */
    
    But we now assert on:
         memwipe(NULL, ch, 30);
---
 src/common/crypto.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index f913917..522c137 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2990,9 +2990,11 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 void
 memwipe(void *mem, uint8_t byte, size_t sz)
 {
-  if (mem == NULL || sz == 0) {
+  if (sz == 0) {
     return;
   }
+  /* If sz is nonzero, then mem must not be NULL. */
+  tor_assert(mem != NULL);
 
   /* Data this large is likely to be an underflow. */
   tor_assert(sz < SIZE_T_CEILING);





More information about the tor-commits mailing list