commit 6cb8c0fd4e9c544710b1ad72a695feb87a1d7ee7 Author: Nick Mathewson <nickm@torproject.org> Date: Tue Jan 19 08:28:58 2016 -0500 Refine the memwipe() arguments check for 18089 a little more. We still silently ignore memwipe(NULL, ch, 0); and memwipe(ptr, ch, 0); /* for ptr != NULL */ But we now assert on: memwipe(NULL, ch, 30); --- src/common/crypto.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index f913917..522c137 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2990,9 +2990,11 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret, void memwipe(void *mem, uint8_t byte, size_t sz) { - if (mem == NULL || sz == 0) { + if (sz == 0) { return; } + /* If sz is nonzero, then mem must not be NULL. */ + tor_assert(mem != NULL); /* Data this large is likely to be an underflow. */ tor_assert(sz < SIZE_T_CEILING);