tor

The Tor anonymity network

commit b8003fbe99da4657ba408dc69602700956b9c2fb
parent 069946852a5f847e92062cd1b2a56c20935592b2
Author: George Kadianakis <desnacked@riseup.net>
Date:   Tue, 11 Aug 2020 14:54:26 +0300

Merge branch 'maint-0.4.4'

Diffstat:
Achanges/ticket6198 | 3+++
Msrc/core/mainloop/connection.c | 8++++----
Msrc/lib/crypt_ops/crypto_util.c | 14++++++++++++++
Msrc/lib/crypt_ops/crypto_util.h | 10++++++++++
4 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/changes/ticket6198 b/changes/ticket6198
@@ -0,0 +1,3 @@
+ o Minor features (defense in depth):
+ - Wipe more data from connection address fields before returning them to
+ the memory heap. Closes ticket 6198.
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
@@ -831,7 +831,7 @@ connection_free_minimal(connection_t *conn)
 } }
- tor_free(conn->address);
+ tor_str_wipe_and_free(conn->address);
 if (connection_speaks_cells(conn)) { or_connection_t *or_conn = TO_OR_CONN(conn);
@@ -851,7 +851,7 @@ connection_free_minimal(connection_t *conn)
 } or_handshake_state_free(or_conn->handshake_state); or_conn->handshake_state = NULL;
- tor_free(or_conn->nickname);
+ tor_str_wipe_and_free(or_conn->nickname);
 if (or_conn->chan) { /* Owww, this shouldn't happen, but... */ channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
@@ -871,8 +871,8 @@ connection_free_minimal(connection_t *conn)
 } if (conn->type == CONN_TYPE_AP) { entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
- tor_free(entry_conn->chosen_exit_name);
- tor_free(entry_conn->original_dest_address);
+ tor_str_wipe_and_free(entry_conn->chosen_exit_name);
+ tor_str_wipe_and_free(entry_conn->original_dest_address);
 if (entry_conn->socks_request) socks_request_free(entry_conn->socks_request); if (entry_conn->pending_optimistic_data) {
diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c
@@ -107,3 +107,17 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 **/ memset(mem, byte, sz); }
+
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers.
+ **/
+void
+tor_str_wipe_and_free_(char *str)
+{
+ if (!str)
+ return;
+ memwipe(str, 0, strlen(str));
+ tor_free_(str);
+}
diff --git a/src/lib/crypt_ops/crypto_util.h b/src/lib/crypt_ops/crypto_util.h
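Review bot: In src/core/mainloop/connection.c, none of the four converted call sites (the hunks at 831, 851 and 871) carries a comment saying why these strings are wiped rather than simply freed, so a later cleanup could turn them back into `tor_free()` unnoticed. A short comment at the first site would record the intent, for example `/* Address and destination strings are wiped before free; see ticket 6198. */`. connection_free_minimal() begins and ends outside all three hunks, so any other string fields it releases are not visible here and may deserve the same treatment.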
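Review bot: In src/lib/crypt_ops/crypto_util.c, `memwipe(str, 0, strlen(str))` in tor_str_wipe_and_free_() clears only the bytes before the first NUL, so anything in the allocation past the terminator goes back to the heap unwiped; that matters if a caller ever shortened the string in place or the buffer was allocated larger than its contents. The comment's "all memory in str" overstates this and is also missing its verb. I would word it as `Securely wipe the NUL-terminated string in <b>str</b> (its first strlen(str) bytes), then free it.` and use the same sentence on the macro comment in crypto_util.h. Buffers that are not NUL-terminated, or whose allocated size is known, should keep going through memwipe() with an explicit length.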
@@ -14,8 +14,18 @@ #define TOR_CRYPTO_UTIL_H #include "lib/cc/torint.h"
+#include "lib/malloc/malloc.h"
 /** OpenSSL-based utility functions. */ void memwipe(void *mem, uint8_t byte, size_t sz);
+void tor_str_wipe_and_free_(char *str);
+/**
+ * Securely all memory in <b>str</b>, then free it.
+ *
+ * As tor_free(), tolerates null pointers, and sets <b>str</b> to NULL.
+ **/
+#define tor_str_wipe_and_free(str) \
+ FREE_AND_NULL(char, tor_str_wipe_and_free_, (str))
+
 #endif /* !defined(TOR_CRYPTO_UTIL_H) */
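Review bot: The prototype `void tor_str_wipe_and_free_(char *str);` is exported without a comment, and because it takes the pointer by value it cannot clear the caller's copy; only the macro defined below it does that. A caller that uses the underscore function directly is left holding a pointer to freed memory. I would add `/* Do not call directly: use tor_str_wipe_and_free(), which also sets the pointer to NULL. */` above the prototype.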