commit ea876ab00e223b0c1ba022cc27861cfbbde31b64
parent 5b9508c9a5d757223c62749c51eaf7453ff26691
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 3 Aug 2020 10:15:08 -0400
Wipe address strings from connections before freeing them them.
This is a defense-in-depth fix; closes 6198.
Diffstat:
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/changes/ticket6198 b/changes/ticket6198
@@ -0,0 +1,3 @@
+ o Minor features (defense in depth):
+ - Wipe more data from connection address fields before returning them to
+ the memory heap. Closes ticket 6198.
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
@@ -637,7 +637,7 @@ connection_free_minimal(connection_t *conn)
}
}
- tor_free(conn->address);
+ tor_str_wipe_and_free(conn->address);
if (connection_speaks_cells(conn)) {
or_connection_t *or_conn = TO_OR_CONN(conn);
@@ -657,7 +657,7 @@ connection_free_minimal(connection_t *conn)
}
or_handshake_state_free(or_conn->handshake_state);
or_conn->handshake_state = NULL;
- tor_free(or_conn->nickname);
+ tor_str_wipe_and_free(or_conn->nickname);
if (or_conn->chan) {
/* Owww, this shouldn't happen, but... */
channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
@@ -677,8 +677,8 @@ connection_free_minimal(connection_t *conn)
}
if (conn->type == CONN_TYPE_AP) {
entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
- tor_free(entry_conn->chosen_exit_name);
- tor_free(entry_conn->original_dest_address);
+ tor_str_wipe_and_free(entry_conn->chosen_exit_name);
+ tor_str_wipe_and_free(entry_conn->original_dest_address);
if (entry_conn->socks_request)
socks_request_free(entry_conn->socks_request);
if (entry_conn->pending_optimistic_data) {
