[tor-commits] [tor/release-0.2.9] Refine the memwipe() arguments check for 18089 a little more.
nickm at torproject.org
nickm at torproject.org
Tue Feb 7 13:42:09 UTC 2017
commit 6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Jan 19 08:28:58 2016 -0500
Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
memwipe(NULL, ch, 0);
and
memwipe(ptr, ch, 0); /* for ptr != NULL */
But we now assert on:
memwipe(NULL, ch, 30);
---
src/common/crypto.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index f913917..522c137 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2990,9 +2990,11 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
void
memwipe(void *mem, uint8_t byte, size_t sz)
{
- if (mem == NULL || sz == 0) {
+ if (sz == 0) {
return;
}
+ /* If sz is nonzero, then mem must not be NULL. */
+ tor_assert(mem != NULL);
/* Data this large is likely to be an underflow. */
tor_assert(sz < SIZE_T_CEILING);
More information about the tor-commits
mailing list