Not backporting this to 0.2.1: the risk/benefit there is too low.
Looks like my bug2384 branch already got merged into 0.2.2 a while ago: the remaining task is for somebody to carefully go through the rend*.c files to find what needs to be zeroed and add appropriate code to do so.
Trac: Milestone: Tor: 0.2.1.x-final to Tor: 0.2.2.x-final
The following instances of keys and key-derived material on the stack or heap occur. Whenever on the stack, we must be sure they are zeroed before the function returns. Whenever on the heap, zero before they are freed.
In rend_service_load_keys in 9f55dfd91561643, I think the duplicated free code is somewhat worrisome. I should check whether there's a reason not to use the goto err/goto done pattern there.
Same function, ab2e007ffbb6a6c, there are some internal spaces between the parens in the "if ( ... )" and the tested thing.
In the changes file, a changelog entry that says it's a bugfix is supposed to say what the bug number was and version the bug appeared in.
Okay, I just refactored the living heck out of rend_service_load_keys, because having two separate cleanup codas (one inside the loop and one outside) was making me super twitchy. Now branch "bug2385" in my public repository (based on yours) could use some review, when you have time.
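The cleanup pattern discussed in this thread (zero key material on the stack before return and on the heap before free, with one `goto done` coda instead of duplicated free code), as an added example that is not Tor's code. `load_key_checked`, `secure_wipe`, the `wiped_total` counter, the toy derivation, and the rejection rule are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 32
size_t wiped_total = 0;  /* instrumentation for this example only */

/* Write zeros through a volatile pointer so the compiler cannot drop
 * the stores as dead writes ahead of return or free(). */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = p;
    wiped_total += n;
    while (n--) *vp++ = 0;
}

/* Hypothetical loader: copies a key to the heap, derives a toy check
 * byte via a stack buffer, returns 0 on success and -1 on failure.
 * Every exit, success or error, passes through the one "done" coda. */
int load_key_checked(const uint8_t *src, size_t len, uint8_t *check_out) {
    uint8_t derived[KEY_LEN] = {0}; /* key-derived material on the stack */
    uint8_t *heap_key = NULL;       /* key material on the heap */
    int r = -1;
    size_t i;

    if (len != KEY_LEN)
        goto done;                  /* early error: nothing allocated yet */
    heap_key = malloc(len);
    if (!heap_key)
        goto done;
    memcpy(heap_key, src, len);
    for (i = 0; i < len; i++)       /* toy derivation, not real crypto */
        derived[i] = heap_key[i] ^ 0x5c;
    if (derived[0] == 0x5c)         /* constructed rule: reject first byte 0 */
        goto done;                  /* late error: secrets are live here */
    *check_out = 0;
    for (i = 0; i < len; i++)
        *check_out ^= derived[i];
    r = 0;
 done:
    secure_wipe(derived, sizeof(derived));  /* stack: zero before return */
    if (heap_key) {
        secure_wipe(heap_key, len);         /* heap: zero before free */
        free(heap_key);
    }
    return r;
}
```

With a second cleanup block inside the function, the late error path is the one most likely to miss a wipe; routing it through `done` makes that omission impossible.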