Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#2384 closed defect (fixed)

crypto.c: zero out sensitive data before freeing it

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


  1. crypto_pk_read_private_key_from_filename(): tor_free(contents)
  2. crypto_pk_write_private_key_to_filename(): tor_free(s)
  3. crypto_dh_compute_secret(): tor_free(secret_tmp)

Child Tickets

Change History (7)

comment:1 Changed 6 years ago by nickm

  • Milestone set to Tor: 0.2.1.x-final

comment:2 Changed 6 years ago by nickm

  • Status changed from new to needs_review

Fixed in branch bug2384, I hope.

comment:3 Changed 6 years ago by arma

a42adfbf43025d looks fine.

I have not audited to see if we're missing anything, but what we did shouldn't (ha) break anything.

comment:4 Changed 6 years ago by nickm

  • Resolution set to fixed
  • Status changed from needs_review to closed


comment:5 Changed 5 years ago by nickm

  • Keywords tor-relay added

comment:6 Changed 5 years ago by nickm

  • Component changed from Tor Relay to Tor

comment:7 Changed 4 years ago by nickm

  • Milestone Tor: 0.2.1.x-final deleted

Milestone Tor: 0.2.1.x-final deleted

Note: See TracTickets for help on using tickets.