[tor-commits] [tor/release-0.2.7] Refine the memwipe() arguments check for 18089 a little more.
nickm at torproject.org
nickm at torproject.org
Mon Mar 21 14:52:21 UTC 2016
commit e2efa9e321972709933b6b9a68da035e1a91aa08
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Jan 19 08:28:58 2016 -0500
Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
memwipe(NULL, ch, 0);
and
memwipe(ptr, ch, 0); /* for ptr != NULL */
But we now assert on:
memwipe(NULL, ch, 30);
---
src/common/crypto.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 4e0b383..8402ca0 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -3030,9 +3030,11 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void
memwipe(void *mem, uint8_t byte, size_t sz)
{
- if (mem == NULL || sz == 0) {
+ if (sz == 0) {
return;
}
+ /* If sz is nonzero, then mem must not be NULL. */
+ tor_assert(mem != NULL);
/* Data this large is likely to be an underflow. */
tor_assert(sz < SIZE_T_CEILING);
More information about the tor-commits
mailing list