Merge branch 'bug7352_023_rebased' into maint-0.2.3

author: Nick Mathewson <nickm@torproject.org> 2012-11-08 16:45:46 -0500
committer: Nick Mathewson <nickm@torproject.org> 2012-11-08 16:45:46 -0500
commit: 9ad4776e6150a29fdfff607721599eb04c6e76d7 (patch)
tree: 7189ed200ae8f47bf7d3399d0b99243dc93bced3 /changes
parent: 758428dd32128874cefacc92ef63c1b5bc9a656e (diff)
parent: 49dd5ef3a3d1775fdc3c0a7d069d3097b3baeeec (diff)
download: tor-9ad4776e6150a29fdfff607721599eb04c6e76d7.tar
tor-9ad4776e6150a29fdfff607721599eb04c6e76d7.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/changes/bug7352 b/changes/bug7352
new file mode 100644
index 000000000..74a878dbe
--- /dev/null
+++ b/changes/bug7352
@@ -0,0 +1,12 @@
+  o Major bugfixes:
+    - Tor tries to wipe potentially sensitive data after using it, so
+      that if some subsequent security failure exposes Tor's memory,
+      the damage will be limited. But we had a bug where the compiler
+      was eliminating these wipe operations when it decided that the
+      memory was no longer visible to a (correctly running) program,
+      hence defeating our attempt at defense in depth. We fix that
+      by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+      is unlikely to optimize away. Future versions of Tor may use
+      a less ridiculously heavy approach for this. Fixes bug 7352.
+      Reported in an article by Andrey Karpov.
+
author	Nick Mathewson <nickm@torproject.org>	2012-11-08 16:45:46 -0500
committer	Nick Mathewson <nickm@torproject.org>	2012-11-08 16:45:46 -0500
commit	9ad4776e6150a29fdfff607721599eb04c6e76d7 (patch)
tree	7189ed200ae8f47bf7d3399d0b99243dc93bced3 /changes
parent	758428dd32128874cefacc92ef63c1b5bc9a656e (diff)
parent	49dd5ef3a3d1775fdc3c0a7d069d3097b3baeeec (diff)
download	tor-9ad4776e6150a29fdfff607721599eb04c6e76d7.tar tor-9ad4776e6150a29fdfff607721599eb04c6e76d7.tar.gz