blob: 74a878dbe0876590c17e883e0db8597f32f0f344 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
o Major bugfixes:
- Tor tries to wipe potentially sensitive data after using it, so
that if some subsequent security failure exposes Tor's memory,
the damage will be limited. But we had a bug where the compiler
was eliminating these wipe operations when it decided that the
memory was no longer visible to a (correctly running) program,
hence defeating our attempt at defense in depth. We fix that
by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
is unlikely to optimize away. Future versions of Tor may use
a less ridiculously heavy approach for this. Fixes bug 7352.
Reported in an article by Andrey Karpov.
|