Opened 7 years ago

Closed 7 years ago

Last modified 5 years ago

#2384 closed defect (fixed)

crypto.c: zero out sensitive data before freeing it

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

  1. crypto_pk_read_private_key_from_filename(): tor_free(contents)
  2. crypto_pk_write_private_key_to_filename(): tor_free(s)
  3. crypto_dh_compute_secret(): tor_free(secret_tmp)

Child Tickets

Change History (7)

comment:1 Changed 7 years ago by nickm

Milestone: Tor: 0.2.1.x-final

comment:2 Changed 7 years ago by nickm

Status: newneeds_review

Fixed in branch bug2384, I hope.

comment:3 Changed 7 years ago by arma

a42adfbf43025d looks fine.

I have not audited to see if we're missing anything, but what we did shouldn't (ha) break anything.

comment:4 Changed 7 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

merged

comment:5 Changed 5 years ago by nickm

Keywords: tor-relay added

comment:6 Changed 5 years ago by nickm

Component: Tor RelayTor

comment:7 Changed 5 years ago by nickm

Milestone: Tor: 0.2.1.x-final

Milestone Tor: 0.2.1.x-final deleted

Note: See TracTickets for help on using tickets.